Researchers have discovered a small cluster of Trojanized versions of Android apps, mainly marketed to people who live in Pakistan. Someone has modified these otherwise legitimate apps (clean versions are available for download on the Google Play Store) to add malicious features that seem completely focused on covert surveillance and espionage. The modified apps look identical to their legitimate counterparts, and even perform their normal functions, but are designed to, initially, profile the phone, and then download a payload in the form of an Android Dalvik executable (DEX) file. The DEX payload contains most of the malicious features, which include the ability to covertly exfiltrate sensitive data like the user’s contact list and the full contents of SMS messages. The app then sends this information to one of a small number of command-and-control websites hosted on servers located in eastern Europe.
There are many errors in the splash page along with the copyrights section has a different take.