Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.

The Android spyware is suspected to be a variant of “Coverlm,” which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

  • pumpsnabben@sopuli.xyz

    I have a hard time seeing how this app gets my Signal info, SMS is no longer supported in Signal.

    • Hyzerflip@lemmy.world

      I suspect fear mongering as it likely DOES take screenshots and since it has the device infected, it grabs the time/position and other intelligence it can grab. I don’t believe for a second they actually hacked the Signal app itself.

    • Chadus_Maximus@lemm.ee

      Wait it isn’t? Are you telling me all the SMS I have received were sent into the pitch black abyss?

      • pumpsnabben@sopuli.xyz

        I lost SMS support this spring, Signal posted about this in October 2022. I’m on Android and PC.

    • poop@lemmy.blahaj.zone

      Yeah that claim seems fairly unsubstantiated by the rest of the article. It’s probably bullshit.

      • pumpsnabben@sopuli.xyz

        There is no system permission I’m aware of that will give other applications access to Signal which is an app made to be secure with at least a PIN code for accessing it.

    • loutr@sh.itjust.works

      And give it accessibility permission, which comes with a big fat warning. Basically you need to tell Android “yes, install and run this random app I don’t really need, and give it access to all my info”.

    • d3Xt3r@lemmy.world

      Probably why Google went from SafetyNet to Play Integrity. Maybe we should also start distrusting “integrity” as well, given how they’re trying to push the Web Integrity crap.

  • PlexSheep@feddit.de

    The Signal user data is only phone number and the date when the account was created iirc.

    • Björn Tantau@swg-empire.de

      The malware is running on the user’s phone. There it has access to all of the data, including message contents. Doesn’t matter how secure the server and message encryption are.

      Signal’s servers were not compromised. And like you said that would only give them a minimal dataset.

  • CarlosCheddar@lemmy.world

    As much as I love the decision to be able to sideload apps on iOS I fear that we’ll start seeing headlines like these.

    • pumpsnabben@sopuli.xyz

      What do you mean? Similar vulnerabilities/apps/phishing have been available on iOS since at least 2020.

    • donut4ever@lemm.ee

      That’s why you never just download and install random shit from the Internet. You gotta know and trust your source. I sideload all the time. Never had an issue, I just don’t grab random shit from random sites.

    • Dran@lemmy.world

      A user has to click a lot of buttons to make this work, android security is doing its job. If there’s any failing on android security’s part, it’s consolidating permissions into accessibility services instead of breaking them out into something a user might get scared to click.

      Then again, they did click accessibility services on a “secure messaging” app. They need to learn somehow. I just refuse to accept that the appropriate solution is not owning things you buy. There has to be a better way.
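
The comments above turn on the accessibility permission, so one practical check is to audit which apps currently hold it. This is an added example, not part of the thread: it parses the colon-separated `package/class` list that `adb shell settings get secure enabled_accessibility_services` prints and reports every service outside an allowlist. The allowlist contents and the sample string are constructed for illustration.

```python
# Added example: list accessibility services that are not on an allowlist.
# On a real device the input string comes from:
#   adb shell settings get secure enabled_accessibility_services

# Assumption: packages you expect to hold the permission (edit for your fleet).
ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample: TalkBack plus a made-up chat app with an enabled service.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.chatapp/.SyncService"
)


def parse_enabled_services(raw):
    """Split the setting value into (package, fully qualified class) pairs."""
    raw = raw.strip()
    # The setting is empty or the literal string "null" when nothing is enabled.
    if not raw or raw == "null":
        return []
    services = []
    for entry in raw.split(":"):
        if not entry:
            continue
        package, _, cls = entry.partition("/")
        # A leading dot is shorthand for "relative to the package name".
        if cls.startswith("."):
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(raw, allowlist=ALLOWLIST):
    """Return the enabled services whose package is not on the allowlist."""
    return [(p, c) for p, c in parse_enabled_services(raw) if p not in allowlist]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"review: {package} runs accessibility service {cls}")
```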

    • sramder@lemmy.world

      I always chuckled at my Android friends having to run AV software on their phones, but then we got Pegasus and it got harder to be smug… then the shenanigans from “legitimate” devs like Über and Tencent. It doesn’t seem like blindly trusting Apple was a great idea anymore.

      • noodlejetski@geddit.social

        Android friends having to run AV software on their phones

        which does nothing, because even IF the “antivirus” detects malware, it has no privileges necessary to remove it.

        • sramder@lemmy.world

          Still a good first step… I always figured Android AV was more for people who already had a rooted phone?

          • Björn Tantau@swg-empire.de

            Anti virus software on a smartphone makes as much sense as on a PC. Eg none at all. You just increase the attack surface for some warm fuzzy feelings.

    • 98codes@lemm.ee

      I won’t be sideloading anything onto my device that I can’t build myself from opensource and understand what it’s doing.

      The risk is too damn high otherwise.

    • DarkSideOfTheMoon@lemmy.world

      They are way less than Android, and Apple revokes the app certificate so even the downloaded ones stop working.

      Also, in the rare cases this happened in iOS, the number of affected users was way small.

      This is a bad whataboutism since the scale is completely different and I really fear side loading. Especially because some developers will force users to get stuff outside the App Store, putting everyone at risk.