PJobRAT Disguised as Android Dating App Steals Contacts, SMS & GPS data

https://gbhackers.com/pjobrat/

Researchers at Cyble and 360 Core Security Lab have recently found the PJobRAT spyware in dating and instant messaging apps. The analysts also reported that the spyware samples disguise themselves as Android dating apps.

During their investigation, they found that the current variant disguises itself as "Trendbanter," a popular dating app for non-resident Indians, and also imitates the instant messaging app Signal.

This recent version of the PJobRAT spyware has been around since December 2019, as reported by the researchers at 360 Core Security Lab.

Attackers are continuously evolving their strategies and using new attack vectors to target users from different sectors around the world, as reported by the security researchers at Cyble.

Data collected by PJobRAT by means of fake apps.

The recently revealed spyware campaign mainly targets Indian military personnel, and it has been active since January 2021.

Other apps utilized

The threat actors distribute this spyware through various channels and third-party app stores.

In some cases, the researchers found that it also imitates other apps, which are listed below:

HangOn
SignalLite
Rita
Ponam

The experts state that, to hide in the app list, it imitates WhatsApp or any genuine-looking app. The strangest thing is that the icon shown in the app store does not even match the installed one.

Types of Documents it Exfiltrates

The types of documents that it is able to exfiltrate from the infected device are mentioned below:

The analysts state that the threat actors behind this spyware are not very advanced, because the private servers on which they hold the exfiltrated data are publicly accessible.

The security researchers at 360 Core Security Lab have concluded that the threat actors behind the PJobRAT spyware might be Pakistani or Chinese hackers, which is why their primary objective was to spy on Indian military personnel.

The complete list of capabilities of the PJobRAT spyware is given below:

Upload address book.
Upload SMS.
Upload audio files.
Upload video files.
Upload image files.
Upload a list of installed apps.
Upload a list of external storage files.
Upload WiFi and GPS information.
Upload geographical location.
Update contact number.
Record via the microphone or camera.
Upload WhatsApp messages and contacts.


In terms of its code, the spyware remains the same, and it also communicates with the same infrastructure.
