Fake Telegram and Signal apps on Google Play, Samsung Galaxy store used to deliver spyware: Report 

Malicious iterations of Telegram and Signal apps uploaded to the Google Play Store and Samsung Galaxy Store were found to deliver spyware on users’ devices to steal sensitive data 

Updated - August 31, 2023 04:24 pm IST

Published - August 31, 2023 03:15 pm IST

Malicious iterations of popular instant messaging platforms, Telegram and Signal, were found to have been uploaded to Google Play and Samsung Galaxy Store. | Photo Credit: Reuters

Malicious iterations of popular instant messaging platforms, Telegram and Signal, were found to have been uploaded to Google Play and Samsung Galaxy Store by a Chinese APT group, known as GREF.

The malicious apps contained the BadBazaar spyware, which is capable of tracking a device’s precise location, stealing call logs, SMS, and contact lists, recording phone calls, accessing the camera, and stealing data.

The malware was earlier used to target minorities in China and is now being used to target users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States, a report from Bleeping Computer said.

APT threat actors were found distributing two apps to target devices, “Signal Plus Messenger” and “FlyGram”, both of which are patched versions of the instant messaging apps Signal and Telegram, the report added.

Dedicated websites were also set up to add legitimacy to the malware campaign, offering links to install the app from Google Play or directly from the site.

While the FlyGram app was found to target sensitive data like contact lists, call logs, Google Accounts, and WiFi data, it also offered a dangerous backup feature that sent Telegram communication data to an attacker-controlled server.

The Signal clone app, similarly, was found to target the victim’s Signal-account-specific information, which was then used to log in to the victim’s device. Additionally, the Signal clone app allowed attackers to link the victim’s Signal account to another device, thereby enabling them to read communications sent to the victim’s device.

Both Google and Samsung have now removed the fake apps from their app stores.

How to protect against fake apps?

Android users are advised to download only official apps of instant messaging platforms and avoid downloading unverified apps from unknown websites for their protection. Users are also advised to periodically check the list of linked devices and revoke access to any unrecognised or unused devices.
