Telegram Users, Be Careful Which App You Download


Multiple malicious Telegram clones were found on Google Play, amassing over 60,000 installations and jeopardizing users with insidious spyware. This malicious software was engineered to pilfer user messages, contact lists, and various other sensitive data.

These apps were brought to light by cybersecurity firm Kaspersky, which promptly reported its discovery to Google. Despite the alert, several of these harmful applications were still available for download on the Google Play store when the researchers published their report.

Kaspersky's recent report has unveiled a concerning trend involving Telegram apps promoted as "faster" alternatives to the official version. These apps, as highlighted in the report, have garnered over 60,000 installations, indicating a degree of success in targeting potential victims.

Security analysts investigating these apps have made a startling discovery: these seemingly innocuous alternatives are, in fact, designed with malicious intent. While they outwardly mimic the original Telegram, they contain hidden code that allows them to stealthily steal user data.

Particularly alarming is the presence of an additional package known as 'com.wsys' within these rogue apps. This package gains access to the user's contact list and maliciously harvests sensitive information, including the victim's username, user ID, and phone number.

The hidden activities of these trojanized apps do not stop there. When a user receives a message through one of these compromised apps, the spyware promptly forwards a copy of the message to a hacker-controlled command and control (C2) server.

Furthermore, the spyware goes the extra mile by constantly monitoring the infected app for any changes to the victim's username, user ID, or contact list. If any alterations are detected, the spyware swiftly collects the updated information, posing an ongoing threat to the victim's privacy and security.
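A defender can triage a suspect APK for the 'com.wsys' package described above by reading the string table of each classes*.dex file. The script below is an added example, not code from Kaspersky's report; the descriptor prefix `Lcom/wsys/` is the standard DEX form of that package name, and the class names in the sample are constructed.

```python
import io
import struct
import zipfile

# DEX type-descriptor form of the 'com.wsys' package named in the report.
SUSPECT_PREFIX = "Lcom/wsys/"

def dex_strings(dex: bytes):
    """Yield every entry of a DEX file's string table."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        return
    # string_ids_size and string_ids_off sit at header offset 0x38.
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (off,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        while dex[off] & 0x80:          # skip the ULEB128 length prefix
            off += 1
        off += 1
        end = dex.index(b"\x00", off)   # string data is NUL-terminated
        yield dex[off:end].decode("utf-8", "replace")

def scan_apk(apk) -> dict:
    """Map each classes*.dex entry to the com.wsys descriptors it contains."""
    hits = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                found = sorted(s for s in dex_strings(zf.read(name))
                               if s.startswith(SUSPECT_PREFIX))
                if found:
                    hits[name] = found
    return hits

def build_sample_apk(strings) -> io.BytesIO:
    """Constructed input: a zip whose classes.dex has only header + strings."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    data_off = 0x70 + 4 * len(strings)
    ids, data = b"", b""
    for s in strings:                   # sample strings are < 128 chars
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", bytes(header) + ids + data)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    sample = build_sample_apk(["Lcom/wsys/Uploader;", "Lorg/telegram/ui/Main;"])
    print(scan_apk(sample))
```

A match is a triage indicator only: a variant that renames or obfuscates the package will not be caught by this check.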

This revelation serves as a stark reminder of the persistent efforts of cybercriminals to exploit unsuspecting users. As such, it stresses the importance of remaining vigilant and cautious when downloading and using third-party applications, even when they appear to be legitimate alternatives.

Dangers of modded messaging apps

In a recent cybersecurity alert, ESET warned users about two deceptive messaging apps, Signal Plus Messenger and FlyGram. These apps, falsely touted as enhanced versions of Signal and Telegram, were removed from Google Play and the Samsung Galaxy Store. They were found to contain the BadBazaar malware, enabling the Chinese APT (Advanced Persistent Threat) group 'GREF' to spy on users.

ESET also uncovered a troubling trend this year: around two dozen clone websites distributing trojanized versions of popular messaging apps like Telegram and WhatsApp, primarily targeting Chinese-speaking users. This doesn't mean other regions are safe from these clones, however.

To stay safe, users are advised to stick to genuine messaging apps and avoid downloading unofficial versions promising enhanced features.

Google, facing challenges in stopping these malicious uploads, announced plans to implement a business verification system on Google Play starting August 31, 2023, to enhance security for Android users.

