Millions Infected by Spyware Versions of Telegram, Signal on Google Play

According to the cybersecurity firm Kaspersky, these bogus apps include nefarious features that capture and send names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The activity has been codenamed “Evil Telegram” by the researchers. The experts discovered several infected apps on Google Play under the guise of Uyghur, Simplified Chinese and Traditional Chinese versions of Telegram.

Cybersecurity researchers have found several spyware-infected versions of Telegram and Signal on the Google Play Store, designed to gather sensitive information from compromised Android devices, a new report has said.

According to the cybersecurity firm Kaspersky, these bogus apps include nefarious features that capture and send names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server.

The activity has been codenamed “Evil Telegram” by the researchers.

“Our experts discovered several infected apps on Google Play under the guise of Uyghur, Simplified Chinese and Traditional Chinese versions of Telegram. The app descriptions are written in the respective languages and contain images very similar to those on the official Telegram page on Google Play,” the researchers said.

Moreover, the report said that to convince users to download these fake apps instead of the official app, the developer claims that they work faster than other clients thanks to a distributed network of data centres around the world.

At first glance, these apps appear to be full-fledged Telegram clones with a localised interface. Everything looks and works almost the same as the real thing, according to the researchers.

The researchers then looked inside the code and found the apps to be little more than slightly modified versions of the official one.

They found a small difference that escaped the attention of the Google Play moderators — the infected versions house an additional module, which constantly monitors what’s happening in the messenger and sends masses of data to the spyware creators’ command-and-control server, the report mentioned.

Before Google took the apps down, they had been downloaded millions of times.

– IANS

Related posts

Sify Technologies Partners with Cisco ThousandEyes to Help Enterprises Accelerate their Digital Transformation Journey

Whatfix and Deloitte India Forge Strategic Alliance to Accelerate Adoption of Digital Solutions for Indian Enterprises

New Research Highlights AI and Low-Code Synergy Accelerating Application Development in Asia-Pacific

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More