SafeChat: Android message spyware app scam explained - who are Indian hackers Bahamut?

Tech experts are warning Android users to remove a specific app from their devices, as it may be able to steal your private messages from Facebook, WhatsApp and Telegram.

Indian hacking group Bahamut - which is suspected to have ties to the government - is thought to be behind the ironically named SafeChat, which is believed to contain malware used to attack Android users' chat apps and steal data.

The app, which uses spyware and can track GPS whereabouts, call logs and text messages, has been taken down from the Google Play store, but can continue to operate on any phones that have already downloaded it, and could steal data before users realise it is a hacking scam.

A report from cyber firm Cyfirma says: "If the Bahamut spyware is enabled, then it can be remotely controlled by Bahamut operators and can exfiltrate various sensitive device data, such as contacts, SMS messages, call logs, a list of installed apps, device location, device accounts."

Tech experts are unsure of how the hackers tricked people into downloading SafeChat, but a common theory is that SafeChat's false promise of a "more secure" platform could have been tempting users to make the switch.

Hacking group Bahamut was founded in 2017 and has previously targeted users on iOS, Android and Windows devices. In 2022, it was linked to a number of fake VPN programmes created to steal personal information while monitoring a person's chats on several different apps, including WhatsApp and Facebook.

Eight separate Bahamut spyware variants were reportedly found, and the group is reportedly connected to a specific state government.

Bahamut typically targets phones and devices in the South Asia region, though SafeChat was available for download around the world, putting more Android users at risk.