Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Android Spyware Snoops on Government, Military Security Job Seekers

New Android spyware, apparently targeting government security job seekers, has been detected in Saudi Arabia. The code is poor but the malware works efficiently, claims McAfee in a report published yesterday.

New Android spyware, apparently targeting government security job seekers, has been detected in Saudi Arabia. The code is poor but the malware works efficiently, claims McAfee in a report published yesterday.

The spyware openly masquerades as a chat app called Chat Private. McAfee claims it is working in tandem with a job site that offers work for security personnel in government or military jobs. In reality the site seems much like any other job site and advertises many different job sectors, including for example, media, accounting, education, medical and so on.

McAfee is confident that the malware is associated with the job site because it “steals user contacts, SMS messages, and voice calls from infected devices and forwards them to the attacker’s server, which is in the same location as the job site.” The report provides two low-res screenshots of the website’s home page and a page titled The latter actually says, in Arabic, “Sorry, but the page you requested does not exist. Try using a search engine.”

There is no indication on how the app is introduced to its victims, and McAfee was unable to give SecurityWeek any further information.

The app itself could be described as efficient but uninspired. When run it simply shows the user’s network carrier and phone number, and then effectively disappears by hiding its application icon from the menu.

In background it gathers device information, contacts, browser history, SMS messages, and call logs on the infected device, and posts them to a MySQL database on the attacker’s server. It also sends a message, “New victim arrived.” It is this and other ‘unprofessional’ indicators that prompt mcAfee to suggest that the author is a ‘script kiddie’ rather than a seasoned malware developer.

Other examples include the use of the term ‘spy’ in the package name, and use of the open-source ‘call-recorder-for-android’ that can be found on GitHub.

McAfee is concerned about the implications of this malware. “The motives behind the spyware author are not clear, but considering the jobs that were being advertised on the site, the implications should not be underestimated. The leaked information poses a serious security threat. We have reported this spyware campaign to the Computer Emergency Response Team in Saudi Arabia for additional investigation.”

However, when SecurityWeek checked the job site we could find no reference to the Chat Private app. Unless distribution of the app is specifically targeted at government and military applicants, it seems to do little more than steal users’ private information and send it to a recruitment firm.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.