PJobRAT Disguised as Android Dating App Steals Contacts, SMS & GPS data

https://gbhackers.com/pjobrat/

The cybersecurity specialists of Cyble, along with 360 Core Security Lab, have recently found the PJobRAT spyware in dating and instant messaging apps. The experts have also stated that the spyware samples disguised themselves as Android dating apps.

During their investigation, they identified that this recent version disguises itself as a popular dating app for non-resident Indians known as “Trendbanter” and mimics the instant messaging app Signal.

According to the researchers at 360 Core Security Lab, the current variant of PJobRAT spyware has been around since December 2019.

According to the security researchers at Cyble, hackers are continuously evolving their methods and using new attack vectors to target users in various sectors around the world.

The recently discovered spyware campaign mainly targets Indian military personnel and has been active since January 2021.

Moreover, the threat actors distribute this spyware through various channels and third-party app stores.

Other apps utilized

The specialists state that, to hide in the app list, the spyware mimics WhatsApp or any genuine-looking app. The most unusual thing is that the icon shown in the app store does not even match the installed one.

In some cases, the researchers have identified that it also mimics other apps, which are listed below:

HangOn
SignalLite
Rita
Ponam

Information collected by PJobRAT via fake apps

The complete list of capabilities of PJobRAT spyware is given below:

Upload address book
Upload SMS
Upload audio files
Upload video files
Upload image files
Upload a list of installed apps
Upload a list of external storage files
Upload WiFi and GPS information
Upload geographical location
Update contact number
Recording by means of the mic or camera
Upload WhatsApp contacts and messages

Types of Documents it Exfiltrates

The types of files that it is able to exfiltrate from the infected device are listed below:

.doc
.xls
.ppt
.docx
.xlsx
.pdf
.pptx

The security researchers at 360 Core Security Lab have concluded that the threat actors behind PJobRAT spyware could be Pakistani or Chinese hackers, and that is why their main goal was to spy on Indian military personnel.

In terms of its code, the spyware remains the same, and it also communicates with the same infrastructure.


The experts have affirmed that the threat actors behind this spyware are not very advanced, because the private servers on which they hold the exfiltrated information are openly accessible.
