Global cybersecurity and digital privacy company Kaspersky has announced that overall cyber threats in Pakistan increased by 17% in 2024 compared to the previous year. Cybersecurity researchers have also uncovered a new spyware operation targeting users in Pakistan that uses trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.

Once installed, these apps request intrusive permissions, including access to contacts, the file system, location, the microphone, and SMS messages, allowing them to collect a wide range of data from a victim’s device. In this research article, our Tashheer research team compiles a list of some trojanized apps that secretly spy on users in Pakistan.

List of 5 Trojanized Apps Secretly Spying on Users in Pakistan

The spyware masquerades as apps like Pakistan Citizen Portal, Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance. These malicious versions secretly download a payload in the form of an Android Dalvik executable (DEX) file, which conceals their operations. The stolen data can have serious consequences: it can be used for identity theft, targeted scams, and information leaks. Sophos threat researchers Andrew Brandt and Pankaj Kohli said, “The DEX payload contains most of the malicious features, which can covertly exfiltrate sensitive data like the user’s contact list and the full content of SMS messages.” The app then sends this information to one of a few command-and-control websites hosted on servers controlled by people in Eastern Europe.

Surprisingly, a fake website pretending to be the Pakistan Citizen Portal was displayed as a static image on the Trading Corporation of Pakistan (TCP) website, an apparent attempt to deceive people into unknowingly downloading a harmful app. If you visit the TCP website (tcp.gov.pk) right now, you will see the message “Down for Maintenance.” In addition to the apps mentioned above, Sophos researchers also uncovered a separate app called Pakistan Chat that didn’t have a benign analog distributed via the Google Play Store. However, this app used the API of a legitimate chat service called ChatGum.

One of the main aims of all these apps is to conduct covert surveillance and exfiltrate data from a target device. In addition to sending the unique IMEI identifier, the DEX payload transmits detailed profile information, location data, contact lists, text messages, call logs, and directory listings from the device’s storage. Troublingly, the malicious Pakistan Citizen Portal apps also transmit sensitive information such as users’ computerized national identity card (CNIC) numbers, passport details, and usernames and passwords for Facebook and other accounts.

Pankaj Kohli said, “The spying and covert surveillance capability of all these modified Android apps highlights the risks of spyware to smartphone users worldwide.”

Cyber adversaries target mobile devices not only to steal sensitive and personal information but also because the devices offer a real-time window into people’s lives, movements, physical locations, and even live conversations within listening range. If anything, the development is another reason why users must stick to trusted sources when downloading third-party apps, verify that an app is built by a genuine developer, and carefully scrutinize app permissions before installation.

The researchers concluded, “In the current Android ecosystem, apps are signed with codes to prove they come from a real source, linking the app to its developer. Unfortunately, Android doesn’t effectively notify users when a signed app’s certificate isn’t valid. Consequently, users lack a straightforward method to verify if an app truly comes from its legitimate developer.” They continued, “The existence of many app stores and the freedom of users to download an app from practically anywhere makes it even harder to combat such threats.”
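
An analyst who holds both the genuine Play Store APK and a suspect copy can script the two checks discussed above: whether the signer matches, and which permissions were added. The Python below is an added example, not code from Sophos or from this article; it parses text in the format printed by `apksigner verify --print-certs` and `aapt dump permissions`. The package name, digests and permission lists are constructed sample data, and the mapping of the article's permission categories to Android permission names is an assumption of this example.

```python
import re

# Android permission names assumed to correspond to the categories the
# article lists (contacts, file system, location, microphone, SMS).
INTRUSIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
}
# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"uses-permission:\s*(?:name=')?([\w.]+)")
CERT_RE = re.compile(r"certificate SHA-256 digest:\s*([0-9a-fA-F]{64})")

def permissions(aapt_out):
    """Permission names found in `aapt dump permissions` text."""
    return set(PERM_RE.findall(aapt_out))

def signer_digests(apksigner_out):
    """Lower-cased signer SHA-256 digests from `apksigner --print-certs` text."""
    return {d.lower() for d in CERT_RE.findall(apksigner_out)}

def triage(ref_aapt, ref_sig, sus_aapt, sus_sig):
    """Compare a suspect build against the known-good reference build."""
    added = permissions(sus_aapt) - permissions(ref_aapt)
    return {
        # No shared signer (or no signer at all) counts as a mismatch.
        "signer_mismatch": signer_digests(ref_sig).isdisjoint(signer_digests(sus_sig)),
        "added_permissions": sorted(added),
        "added_intrusive": sorted(added & INTRUSIVE),
    }

# Constructed sample tool output (not taken from any real APK).
REF_SIG = f"Signer #1 certificate SHA-256 digest: {'ab' * 32}\n"
SUS_SIG = f"Signer #1 certificate SHA-256 digest: {'cd' * 32}\n"
REF_AAPT = """package: com.example.salattime
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
"""
SUS_AAPT = REF_AAPT + """uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    for key, value in triage(REF_AAPT, REF_SIG, SUS_AAPT, SUS_SIG).items():
        print(f"{key}: {value}")
```

A signer mismatch on its own is enough to treat the copy as untrusted; the permission diff then shows what the repackaged build gained access to.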

The threat actors likely used targeted honey-trap romance scams to attract their victims, initially contacting them on another platform and then convincing them to switch to a trojanized chat app.

ESET researcher Lukáš Štefanko advises, “Cybercriminals are adept at using social engineering as a powerful weapon to trick users. We strongly recommend against clicking any link to download an app shared in a chat conversation. It can be hard to stay immune to spurious romantic advances, but always being vigilant pays off.”

Here is a list of some additional recommendations on how to stay safe:

Guideline: Description
Download from Official Stores: Only download apps from the Google Play Store or authorized app stores.
Check Reviews and Permissions: Read reviews and scrutinize app permissions before downloading.
Use Antivirus Software: Install a reputable antivirus app to detect and block potential threats.
Keep Software Updated: Regularly update the operating system and apps of your phone to patch security vulnerabilities.
Be Aware of Unfamiliar Apps: If an app seems too good to be true, it probably is. Do your research before installing.

In 2024, researchers reported a 35% increase in trojan attacks, in which malware disguises itself as a legitimate computer program but is mainly used by cybercriminals to run malicious code. In this research article, our Tashheer research team compiled a list of some trojanized apps that secretly spy on users in Pakistan. By staying informed and practicing good cybersecurity habits, you can protect yourself from these hacking apps and other link-based threats.

About the Author: Alishba

Alishba Zaheer is the lead content writer at Tashheer Digital and has a genuine passion for storytelling. With her team of skillful content writers, her expertise lies in the ability to seamlessly adapt writing style to various niches, checking new trends in Tech, especially in Pakistan. She stays ahead of the curve and maintains her dedication to writing excellence. Among other things, she has been instrumental in researching local brands, Pakistani products, and services, providing benchmark articles for Pakistani audiences.