Sep 11 – According to a new investigation, cybersecurity researchers discovered multiple spyware-infected versions of Telegram and Signal on the Google Play Store, designed to harvest sensitive information from vulnerable Android devices.
According to cybersecurity firm Kaspersky, these phoney apps include malicious capabilities that gather names, user IDs, contacts, phone numbers, and chat messages and send them to an actor-controlled server.
The researchers have dubbed the activity “Evil Telegram”.
“Our experts discovered several infected apps on Google Play under the guise of Uyghur, Simplified Chinese and Traditional Chinese versions of Telegram. The app descriptions are written in the respective languages and contain images very similar to those on the official Telegram page on Google Play,” the researchers said.
Furthermore, according to the study, to persuade people to download these bogus apps rather than the real app, the developer claims that they work faster than other clients thanks to a distributed network of data centres throughout the world.
At first glance, these apps appear to be full-fledged Telegram clones with a localised interface. According to the experts, everything looks and works almost exactly like the real thing.
The researchers then examined the code and discovered that the apps were nothing more than slightly tweaked versions of the legitimate app.
They discovered a minor change that eluded the notice of Google Play moderators: the infected versions contain an additional module that constantly monitors what’s going on in the messenger and sends massive amounts of data to the spyware makers’ command-and-control server, according to the study.
The apps had been downloaded millions of times before Google removed them.