January 21, 2025

Telegram: Infected clones of Telegram app stealing user data: How to spot them


Last week, cybersecurity company ESET reported on malicious Telegram and Signal apps on the Google Play Store. Now, another report has found clones of the Telegram app that are spying on their users.
According to a report by Kaspersky, these clone apps steal user messages, contact lists and other data. These apps appear to have been tailored for Chinese-speaking users and the Uighur ethnic minority.
“To persuade users to download these mods instead of the official app, the developer claims that they work faster than other clients thanks to a distributed network of data centres around the world,” the report said.
The company said that these apps look similar to the legitimate app, but their code is slightly modified in a way that escaped the attention of the Google Play moderators: the infected versions house an additional module.
The module constantly monitors what’s happening in the messenger and sends masses of data to the spyware creators’ command-and-control server. The data include “all contacts, sent and received messages with attached files, names of chats/channels, name and phone number of the account owner.”
China-linked Signal, Telegram apps
Last week, a team of researchers discovered two Android apps that are distributed by Chinese hackers and are stealing users’ private data. ESET researchers said that there are active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code via two apps: Signal Plus Messenger and FlyGram.
These apps were spotted on the Google Play store, Samsung Galaxy Store, and dedicated websites. Both Google and Samsung removed the apps from their respective app stores.


