Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
The Android spyware is suspected to be a variant of “Coverlm,” which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
I have a hard time seeing how this app gets my Signal info, SMS is no longer supported in Signal.
I suspect fear mongering as it likely DOES take screenshots and since it has the device infected, it grabs the time/position and other intelligence it can grab. I don’t believe for a second they actually hacked the Signal app itself.
Wait it isn’t? Are you telling me all the SMS I have received were sent into the pitch black abyss?
SMS was supported back when I was on android, roughly a year ago, since it handled all of my texting (signal or standard) but it was already broken up in iOS at that point, and they were dropping support for SMS on android (announced October 2022).
I lost SMS support this spring, Signal posted about this in October 2022. I’m on Android and PC.
Anything with the word ‘safe’ in it should be immediately distrusted.
Probably why Google went from SafetyNet to Play Integrity. Maybe we should also start distrusting “integrity” as well, given how they’re trying to push the Web Integrity crap.
deleted by creator
And give it accessibility permission, which comes with a big fat warning. Basically you need to tell Android “yes, install and run this random app I don’t really need, and give it access to all my info”.
“Hackers”.
The signal user data is only phone number and the date when the account was created iirc.
The malware is running on the user’s phone. There it has access to all of the data, including message contents. Doesn’t matter how secure the server and message encryption are.
Signal’s servers were not comprimised. And like you said that would only give them a minimal dataset.
deleted by creator
Yeah but that wouldn’t solve this issue? The malware stole data from the app on the users device, not from a server.
Thats technically possible?
Oh my goodness.
Did you read the article? Or even the summary. It states that the attack was an Android app names SafeChat that infected the phone and retrieved chat logs, etc.
As much as I love the decision to be able to sideload apps on iOS I fear that we’ll start seeing headlines like these.
deleted by creator
What do you mean? Similar vulnerabilities/apps/phishing has been available on iOS since at least 2020.
They are way less than Android and Apple revokes the app certificate so even the downloaded ones stop to work.
Also the rare cases this happened in iOS the number of affected users were way small
This is a bad whatabotism since the scale is completely different and I really fear side loading. Specially because some developers will force users to get stuff outside the App Store putting everyone in risk.
