Security alert: Uninstall these 12 Android apps that are listening to your conversations

Discover the Android applications to uninstall immediately to protect your data and keep your smartphone secure.

12 Android Apps Infected with VajraSpy Malware: Remove Immediately

In 2025, smartphone security remains more crucial than ever, especially with the rise of malicious apps that can compromise privacy. A recent investigation by cybersecurity experts at ESET revealed the presence of twelve dangerous Android apps that listen to your conversations and collect your personal data without your knowledge. These apps, six of which circulated on the official Google Play Store before being removed, have been downloaded more than 1,400 times and continue to pose a serious threat to users of brands such as Samsung, Xiaomi, and Huawei.

These apps, infected with a Trojan horse called VajraSpy, can infiltrate your phone to spy on your communications, record your calls, steal your messages, and track your location in real time. The malware operates stealthily in the background, making it particularly difficult for the average user to identify its activity. Furthermore, hackers use sophisticated social engineering techniques, including romance scams on Facebook Messenger or WhatsApp, to trick victims into downloading this malware.

The compromised apps fall into three categories: those mimicking traditional messaging apps, those with advanced spying capabilities via access permissions, and a fake news app that masks its true purpose. Among the most dangerous apps are Rafaqat, Privee Talk, MeetMe, Let’s Chat, Quick Chat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat. The last of these, Wave Chat, can record keystrokes, remotely activate the microphone, and intercept conversations on WhatsApp and Signal.

If these names sound familiar, it’s crucial to remove them immediately, regardless of your smartphone brand, whether it’s a brand-new Samsung or an older Xiaomi model. Ignoring this threat exposes your device and data to widespread theft and near-constant digital espionage.


How VajraSpy infiltrates your Samsung, Xiaomi, and Huawei phones: the cybercriminals’ modus operandi

The VajraSpy malware poses an insidious threat not only because of its advanced technology but also because of the strategies hackers use to infiltrate phones. Analyzing the most common devices, such as those from Samsung, Xiaomi, and Huawei, reveals that the infection vectors are not purely technical; they rely heavily on psychological manipulation.

Cybercriminals, for example, send fraudulent links via instant messaging, often disguised as secret messaging apps or enhanced communication tools. The target is then encouraged to install these apps under the guise of privacy or an improved user experience. Once installed, the app automatically activates VajraSpy’s malicious code, which begins collecting personal data without any visible signs.

Furthermore, the collaborative nature of app stores like the Google Play Store, where six of these apps managed to pass through checks before ultimately being banned, reveals a flaw in the automated verification system. For a Samsung user accustomed to downloading from this official platform, trust is therefore misplaced, highlighting the need for vigilance in checking the permissions requested by each app.

The complexity of the Trojan horse’s operation also lies in its ability to exploit Android’s accessibility permissions, granting near-total access to the smartphone’s functions. This system is used to intercept highly private conversations on popular apps like WhatsApp and Signal. The spread of malware within this ecosystem is all the more concerning given that Android apps on different manufacturers do not all receive the same level of security updates, making some models more vulnerable than others.

The role of reputable antivirus programs like Avast, Malwarebytes, Bitdefender, and Kaspersky is crucial here. These programs can detect and isolate certain suspicious behaviors associated with these apps. However, the best defense remains skepticism regarding the sources and permissions of applications at the time of installation.

Romance scams and social engineering techniques are behind the expansion of these spy apps.

At the heart of the spread of these 12 applications lies a formidable method of emotional manipulation: romance scams. This type of attack particularly targets vulnerable users seeking social connection on networks such as Facebook Messenger or WhatsApp. Using false identities, cybercriminals establish an atmosphere of trust and complicity, then encourage their victims to download a supposedly secure application to continue their conversations.

This technique relies on exploiting trust and human emotions to mask the software’s inherent danger. Thus, the victim doesn’t perceive the immediate threat, focuses on the virtual relationship, and installs the application on their Samsung or Xiaomi smartphone, thereby facilitating the intrusion of the VajraSpy malware. Once the door is open, the hackers collect private conversations, call logs, photos, and even banking data if it passes through the mobile device.

This social engineering strategy highlights the crucial importance of maintaining a critical perspective on app installation requests, especially when they originate from people met online. The risk is even greater because these apps, sometimes circulating outside the Google Play Store via APK files shared through links, evade the platforms’ automated monitoring and are not always detected by built-in security software.

The consequences for a user can be devastating, ranging from the leakage of personal data to the loss of access to their smartphone, which can then be used to distribute illicit content or launch other cyberattacks. The accounts of several victims in 2025 demonstrate that seemingly innocuous behavior on WhatsApp or TikTok can turn into a true digital nightmare. This reality underscores the need for ongoing education on mobile security and the mechanisms of emotional scams.

Disturbing features of malicious apps detected on Android: spying and data collection

The apps compromised by VajraSpy are distinguished by their ability to extract a wide range of confidential information by exploiting advanced Android features in a roundabout way. Among the permissions abusively requested are access to the microphone, contacts, SMS messages, and real-time GPS tracking. These features, found on all types of Android devices—whether Samsung, Huawei, or Xiaomi—are normally subject to strict limitations to protect privacy. Infected messaging apps, while appearing as basic communication tools, simultaneously collect sensitive files and information about the software installed on the device. This data can then be used to target the victim with aggressive advertising campaigns, or worse, for digital identity theft.

In the category of apps with enhanced spying capabilities, Wave Chat stands out. This application can record phone calls and keystrokes and remotely activate the microphone to listen to ambient sounds without the user’s knowledge. These features are particularly concerning because they violate privacy and open the door to continuous surveillance worthy of spy movies.

A unique case is an application falsely presented as a news service, which masks its malicious intentions while collecting phone numbers, contacts, and personal files. Despite its innocuous appearance, this spy app has also greatly benefited from users’ lack of understanding regarding Android permission settings.

It is important to understand that keeping up with Android security updates, whatever the smartphone manufacturer (Huawei included), is a crucial barrier to limiting the impact of these malicious applications. Security technologies like those from Avast, Bitdefender, and Kaspersky continue to improve, detecting these threats as soon as they appear on users’ devices.

Android Spyware Protection Strategies: Best Practices and Essential Tools

Faced with the growing threat posed by these 12 Android spyware apps, adopting cautious behavior is imperative. Vigilance must begin from the outset, that is, during the download and installation of an application. Never clicking on a link from a stranger on platforms such as Facebook Messenger or WhatsApp is a golden rule, stopping intrusion attempts before they even begin.

It is also essential to meticulously check the permissions requested by a new application. For example, a standard messaging app should not require permanent access to the microphone or GPS location. These requests should alert the user and lead to the installation being stopped.
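The permission check described above can be scripted. The following is an added example, not code from ESET or from the original article. It assumes each app's text comes from `adb shell dumpsys package <package>` and the accessibility value from `adb shell settings get secure enabled_accessibility_services`. The package names, the review threshold, and the sample text are constructed for illustration.

```python
import re

# Permissions the article names as abused: microphone, contacts, SMS, GPS.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}

def requested_permissions(dumpsys_text):
    """Permissions listed under 'requested permissions:' in dumpsys output."""
    perms, in_section = set(), False
    for line in dumpsys_text.splitlines():
        name = line.strip().split(":", 1)[0]  # drop any trailing ': attr=...'
        if line.strip() == "requested permissions:":
            in_section = True
        elif in_section and re.fullmatch(r"[A-Za-z0-9_.]+", name):
            perms.add(name)
        elif in_section:
            break  # next section header or blank line ends the list
    return perms

def accessibility_packages(setting_value):
    """Packages owning an enabled accessibility service ('pkg/svc:pkg/svc')."""
    value = (setting_value or "").strip()
    return set() if value in ("", "null") else {c.split("/", 1)[0] for c in value.split(":") if c}

def audit(dumps, accessibility_setting, threshold=3):
    """Apps to review: accessibility service on, or >= threshold sensitive permissions."""
    a11y = accessibility_packages(accessibility_setting)
    findings = []
    for pkg, text in sorted(dumps.items()):
        hits = sorted(SENSITIVE[p] for p in requested_permissions(text) if p in SENSITIVE)
        if pkg in a11y or len(hits) >= threshold:
            findings.append((pkg, hits, pkg in a11y))
    return findings

# Constructed sample input: hypothetical package names, simplified dumpsys text.
SAMPLE_DUMPS = {
    "com.example.fakechat": "  requested permissions:\n"
        "    android.permission.INTERNET\n    android.permission.RECORD_AUDIO\n"
        "    android.permission.READ_CONTACTS\n    android.permission.READ_SMS\n"
        "    android.permission.ACCESS_FINE_LOCATION\n  install permissions:\n",
    "com.example.notes": "  requested permissions:\n    android.permission.INTERNET\n"
        "  install permissions:\n",
}
SAMPLE_A11Y = "com.example.fakechat/com.example.fakechat.HelperService"
print(audit(SAMPLE_DUMPS, SAMPLE_A11Y))
```

A finding is a prompt for manual review, not a verdict: screen readers and password managers also enable accessibility services, so what matters is whether the access matches what the app claims to do.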

Regularly updating the Android operating system is an often overlooked but crucial security measure, as each update patches vulnerabilities exploited by malware like VajraSpy. Manufacturers such as Samsung, Xiaomi, and Huawei provide frequent patches that must be installed without delay.
