PJobRAT Disguised as Android Dating App Steals Contacts, SMS & GPS data

https://gbhackers.com/pjobrat/

Security researchers at Cyble, along with 360 Core Security Lab, have recently identified the PJobRAT spyware in dating and instant messaging apps. The analysts have also claimed that the spyware samples disguised themselves as Android dating apps.

According to the security researchers at Cyble, attackers are continuously evolving and adopting new attack vectors to target users from different sectors throughout the world.

During their investigation, they found that, for Non-resident Indians, this current version masquerades as a well-known dating app called “Trendbanter,” and also imitates the instant messaging app Signal.

The newly uncovered spyware campaign mainly targets Indian military personnel and has been active since January 2021.

According to the researchers at 360 Core Security Lab, the current variant of the PJobRAT spyware has been around since December 2019.

Data collected by PJobRAT via fake apps.

Other apps used

The researchers have stated that, to hide in the app list, it imitates WhatsApp or another genuine-looking app. The most unusual thing is that the icon shown in the app store does not even match the installed one.

In many cases, the researchers have found that it also mimics other apps, which are listed below:

HangOn.
SignalLite.
Rita.
Ponam.

The threat actors distribute the spyware through various channels and third-party app stores.

Types of Documents it Exfiltrates

The types of files that it is able to exfiltrate from the infected device are listed below:

.pdf
.ppt
.xls
.doc
.docx
.xlsx
.pptx

The full list of capabilities of the PJobRAT spyware is given below:

Upload address book.
Upload SMS.
Upload audio files.
Upload video file.
Upload image file.
Upload a list of installed apps.
Submit a list of external storage files.
Submit WiFi and GPS information.
Upload geographic location.
Update phone number.
Recording through the mic or camera.
Submit WhatsApp messages and contacts.

The security researchers at 360 Core Security Lab have concluded that the threat actors behind the PJobRAT spyware could be Pakistani or Chinese hackers, which is why their main objective was to spy on Indian military personnel.

In terms of its code, the spyware remains the same, and it also communicates with the same infrastructure.

The analysts have affirmed that the threat actors behind this spyware are not very advanced, since the servers on which they hold the exfiltrated data are publicly accessible.