Google has removed an Android app called SmeshApp that was reportedly used by Pakistani agencies to spy on the Indian Army. This comes after CNN-IBN had published a report, which said that the app was used to get tactical, as well as personal information of army personnel. The spyware disguised itself has a calling and chat app. Once installed, the app would steal information such as phone calls, text messages, photographs, and even track the user’s GPS coordinates. This information is then sent over to a server located in Germany that is hosted by a man called Sajid Rama, who is based out of Karachi.
All three services of the Indian armed forces (Army, Navy, and Air Force) along with the Border Security Force (BSF) and the Central Industrial Security Force (CISF) were targeted. As per the report, fake Facebook profiles were used to lure officers into honey traps, with more than 10 such fake profiles being used. The handlers would first identify ‘soft’ targets before trying to lure them in. While field-level officers were the prime targets, retired personnel were targeted as well. The government has since issued new advisories regarding the use of social media in the Army. Personnel are told not to use chat apps like WeChat or Line and are advised not to reveal their designation or posting location on social media. In addition, they are asked not to post pictures in uniform or accept friend requests from strangers.