Researchers find Welcome Chat messaging app spies and exposes user data


Researchers find Welcome Chat messaging app spies and exposes user data

Welcome chat is a messaging app with lots of unique features that allow users to send and receive messages and multiple functions. The developer of the Welcome chat app promoted the app as a secure Chat messaging app but the researchers from ESET found that the app delivers more than the advertised chat functions and it was never part of the official Android store.

Its intended audience are Arabic-speaking users. It’s important to note that some countries in the Middle East ban this type of apps. However, the researchers say that the apps that are not available on the play store require to install from unknown sources feature on, and yes the same case is with the Welcome chat app.

Welcome Chat targets users from a specific region of the world and relies on open source code for recording calls, stealing text messages, and tracking. Researchers found spyware being advertised to chat-hungry users on a dedicated website. The malicious website promotes the Welcome Chat app, claiming it’s a secure chat platform that is available on the Google Play store. Both claims are false. In regard to the “secure” claim, nothing is further from the truth.

Not only is Welcome Chat an espionage tool; on top of that, but its operators also left the data harvested from their victims freely available on the internet. Once these apps get the consent from the user, Welcome Chat starts sending out information about the device and contacts its command and control (C2) server every five minutes for commands.

According to the research, the Welcome Chat app exposes all the sent and received text messages, call logs, contacts, photos, locations, recorded calls, and all the system information. It was also found that the code used for spying comes from public sources, either from open-source projects or code snippets published as examples on various forums.

“Transmitted data is not encrypted and because of that, not only it is available to the attacker, it is freely accessible to anyone on the same network,” ESET.

Initially, the researchers believed that Welcome Chat is a legitimate app contains trojan and tried to warn the developers. They found a clean variant only on VirusTotal. It was uploaded in mid-February, a week after the malicious version was submitted to the scanning platform.

For more news on tech and cybersecurity stay tuned on Android Rookies by subscribing to our newsletter from here.


About Author

Be Ready for the challenge

Notify of
Inline Feedbacks
View all comments