The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory on a Patchwork spyware campaign using romance scams.
Classified as state-sponsored espionage, the advisory highlights the affected software and services as Android apps like MeetMe, Let’s Chat, Quick Chat, Rafaqat, and Wave Chat. The attack vector is identified as network/social engineering.
According to the advisory, the suspected Indian state-sponsored hacking group, Patchwork, has deployed at least 12 malicious Android apps via Google Play, targeting victims through romance scams. The Advanced Persistent Threat (APT) group lured victims into downloading these malicious apps, including messengers and a fake news app.
Once installed, the VajraSpy malware activates, enabling the exfiltration of sensitive data such as contacts, SMS messages, call logs, device location, and files.
According to the advisory, advanced functionalities of the malware include intercepting messages from apps like WhatsApp and Signal, recording phone calls, taking pictures, logging keystrokes, and scanning for Wi-Fi networks. Patchwork has a known history of state-sponsored cyber-espionage activities.
The PTA advises users to regularly check app permissions and reviews before downloading applications, even from official stores, and to use mobile security solutions to detect and prevent the installation of malicious apps. It is recommended to educate users about the risks of romance scams and the importance of verifying the legitimacy of apps. Implementing multi-factor authentication adds an extra layer of security to account logins.
The advisory has asked the users to stay informed about state-sponsored cyber threats and implement security measures accordingly. In case of suspected compromise, conduct thorough security audits and follow incident response protocols. Any incidents should be reported to the PTA through the CERT Portal and email.
