Dark Caracal has trojanized Orbot, Signal, WhatsApp and other Android applications to exfiltrate files, contacts, messages and more.
More details in the Lookout - EFF report: https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
lockch
in-skel' 
@U039b Thanks for the info. I just removed Orbot (which I did not actually use)
@U039b hmmm, if I understand well, the apps are compromised locally ONLY if I've clicked on a specific phishing message? The upstream servers (whisper systems, fdroid…) have not been compromised?
@milouse You are right.
@U039b ok thanks! I must admit I didn't take time to read about it and as I have 4 of the concerned app installed, I began to fear a little.
Dark Caracal : un malware gouvernemental vise les apps de messagerie (#Signal et #Whatsapp touchés)
http://www.frandroid.com/android/applications/securite-applications/483815_dark-caracal-un-malware-gouvernemental-vise-les-apps-de-messagerie-signal-et-whatsapp-touches
Un nouveau malware découvert par Lockout et l’EFF touche les applications téléchargées en dehors du Play Store.
Son fonctionnement est simple : les applications infectées se font passer pour des applications connues, comme Signal ou WhatsApp, et se servent des autorisations (appareil photo, micro, etc.) pour enregistrer des informations sur l’utilisateur.