Pakistan Citizen Portal has a copy-cat malicious version

Written by Hamnah Khalid

SophosLabs by Sophos, an endpoint security company, has recently found Android spyware in duplicated copies of otherwise legitimate Pakistani applications. The company says these copies were made specifically to target local users.

The analysts at SophosLabs have discovered a chain of trojanised versions of common applications in Pakistan. These applications include the Pakistan Citizen Portal app, Pakistan Salat Time, Mobile Packages Pakistan, TPL Insurance, and many more.

According to SophosLabs, these malicious apps gain access to your sensitive data once downloaded. They look exactly like the real apps and behave the same way.

After a while, the applications also download Android Dalvik executable (DEX) files onto your mobile device. These DEX files contain malicious features and possess the ability to collect the user’s data and send it back to the hackers’ servers, which are apparently based in Eastern Europe.

The most popular application that the hackers chose to duplicate is the Pakistan Citizen Portal, by the Prime Minister. SophosLabs says it has made multiple attempts in the past few days to bring these duplicated versions to the government’s attention.

Not only have the hackers made copies of the applications, but they have also gone a step further. According to VirusTotal records, at least one of the host websites is ‘’, which is an attempt at mimicking the Pakistan Citizen Portal page.

Some of these apps might also gain permission to make phone calls and send text messages, which may cost you money.

So, to protect your data, beware of the applications that you are downloading. Always download apps directly from the Play Store and NOT through a redirected link. Also, always check what each app has access to. If a prayer timings app is asking for permission to go through your text messages or use the phone services, chances are it’s not a legitimate application.
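The permission check described above can be automated against an app's decoded AndroidManifest.xml. The script below is an added example, not code from Sophos or this article; the manifest, the package name `com.example.salattime` and the per-category baseline in `EXPECTED` are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app place calls or send texts (can cost the user money).
COSTLY = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
# Wider set covering access to messages, call history and contacts.
SENSITIVE = COSTLY | {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG", "android.permission.READ_CONTACTS",
}
# Assumed baseline: what a prayer-times app plausibly needs. Adjust per category.
EXPECTED = {
    "prayer_times": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_COARSE_LOCATION",
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.POST_NOTIFICATIONS",
    },
}
# Constructed sample manifest (hypothetical package, not a real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.salattime">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, category):
    """Flag permissions outside the category baseline, most serious last."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED[category]
    return {"unexpected": sorted(unexpected),
            "sensitive": sorted(unexpected & SENSITIVE),
            "may_cost_money": sorted(unexpected & COSTLY)}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST, "prayer_times").items():
        print(key, value)
```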

Source: Sophos