This "safe" chat app spies on its users - what you need to know

Security researchers warn of a malicious messaging app that claims to be secure but spies on its users and takes their data.

According to cybersecurity firm ESET, Welcome Chat is a fully operational messaging service that lets its developers spy on users' personal information, and it is linked to a cyberespionage campaign in the Middle East. Lukas Stefanko, a malware researcher at ESET, stated in a blog post on WeLiveSecurity.com: "This operation, which targets Android users via the malicious Welcome Chat app, is the latest in a series of cyberespionage campaigns that MITRE has appears to be linked to a malware called BadPatch, which is linked to the threat actor group Gaza Hackers, also known as Molerats.

"According to our analysis, the Welcome Chat app can spy on its victims. However, this is not simple spyware; Welcome Chat is a functional chat app that offers the promised features along with hidden espionage capabilities."

The messaging app targets residents of Middle Eastern countries, where many well-known chat apps may be banned. It is promoted through a website that claims the app is secure and can be downloaded via the Google Play store.

ESET, however, warns that this "couldn't be further from the truth." The app is actually a spy tool that collects personal data, the data it collects was left freely available online, and the app is not available in the Play Store.

The Gaza Hackers group, also known as Gaza Cybergang, is a politically motivated spy group believed to operate from the Gaza Strip. Its primary targets are the Palestinian Authority, Israel, Jordan, and other Middle Eastern countries.

When users install the app, they are asked to allow the installation of apps from unknown sources.

When the app launches, it asks for permission to access text messages, files, device location, voice recordings, and contacts.

"Such an extensive list of intrusive permissions might normally arouse suspicion in victims - but in a messaging app, it is only natural that the app needs to deliver the promised functionality," Stefanko explained.

What users don't realize, however, is that they are actually allowing criminals to steal their personal data.

Stefanko says: "Immediately after receiving these permissions, Welcome Chat sends information about the device to the C&C (command and control) server so it can receive commands. It is designed to contact the C&C server every five minutes.

"In addition to the core function of espionage, which is to monitor users' chat communications, the Welcome Chat app also performs the following malicious actions: exfiltration of sent and received SMS messages, call history, contact lists, user photos, recorded phone calls, device GPS location information, and device information."

During the investigation, ESET researchers came to the conclusion that the hackers deploying Welcome Chat developed the app themselves.

Stefanko stated, "It is not difficult to create a chat app for Android. With this approach, attackers have better control over the compatibility of the app's malicious and legitimate features, so they can ensure that the chat app works."

By building the app themselves, the attackers can keep its malicious features working alongside its legitimate chat features.

Android users are often targeted by malicious apps that steal user data. To mitigate this risk, one should download only reputable apps from the Google Play store, read online reviews, create unique passwords, and verify app permissions.

It would also be a good idea to install and use one of the best Android antivirus apps to block infections and remove any malware that may already be installed.
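
The five-minute C&C check-in described above is a regular network pattern that defenders can look for in proxy or DNS logs. The following Python function is an added example, not part of the original article or ESET's research; it flags device and host pairs that connect at a near-fixed 300-second interval, and the log format, host names, and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed proxy/DNS log: timestamp, device, destination host (all placeholders).
SAMPLE_LOG = """\
2020-07-14T09:00:02 phone-17 c2.example.invalid
2020-07-14T09:01:10 phone-17 chat.example.org
2020-07-14T09:01:45 phone-17 chat.example.org
2020-07-14T09:05:03 phone-17 c2.example.invalid
2020-07-14T09:07:30 phone-17 chat.example.org
2020-07-14T09:10:01 phone-17 c2.example.invalid
2020-07-14T09:10:00 phone-22 cdn.example.net
2020-07-14T09:15:00 phone-22 cdn.example.net
2020-07-14T09:15:04 phone-17 c2.example.invalid
2020-07-14T09:19:05 phone-17 chat.example.org
2020-07-14T09:20:02 phone-17 c2.example.invalid
2020-07-14T09:20:00 phone-22 cdn.example.net
"""


def find_beacons(log_text, period_s=300, tolerance_s=20, min_hits=4, min_ratio=0.8):
    """Return (device, host, hits) for pairs that connect at a fixed interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, device, host = parts
        seen[(device, host)].append(datetime.fromisoformat(ts))

    flagged = []
    for (device, host), times in sorted(seen.items()):
        if len(times) < min_hits:
            continue  # too few connections to call the traffic periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Count gaps that land on the expected period, allowing for jitter.
        on_period = sum(1 for g in gaps if abs(g - period_s) <= tolerance_s)
        if on_period / len(gaps) >= min_ratio:
            flagged.append((device, host, len(times)))
    return flagged


if __name__ == "__main__":
    for device, host, hits in find_beacons(SAMPLE_LOG):
        print(f"{device} -> {host}: {hits} connections about every 5 minutes")
```

Ordinary chat traffic is bursty and fails the interval check, while the `min_hits` threshold keeps a short run of evenly spaced requests from being reported as a beacon.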
