Beware of Spyware-Infected Messaging Apps on the Google Play Store

By Vicky Stavropoulou

Sep 12, 2023
Summary: Several spyware-infected versions of popular messaging apps Telegram and Signal have been discovered on the Google Play Store. Cybersecurity researchers at Kaspersky have identified these malicious apps, called “Evil Telegram,” which trick users into downloading them by posing as legitimate counterparts. The fake apps have similar interfaces and functionalities, making it difficult to differentiate them from the real ones. Once installed, the infected apps collect sensitive information from compromised Android devices, including names, user IDs, contacts, phone numbers, and chat messages. The stolen data is then sent to the attackers’ server. The spyware-infected apps were disguised as Uyghur, Simplified Chinese, and Traditional Chinese versions of Telegram. To further convince users, the developers claimed that these fake apps work faster through a distributed network of data centers worldwide. Despite their deceptive nature, the infected apps amassed millions of downloads before being taken down by Google.

To target unsuspecting Android users, fraudsters have preyed on the popularity of Telegram and Signal, two prominent alternatives to Meta-owned WhatsApp. While not as famous, these messaging platforms boast a significant userbase. However, their relative obscurity compared to WhatsApp has made them vulnerable to malicious actors seeking to exploit their growing popularity.

The spyware-infected apps were cleverly disguised as legitimate versions of Telegram. They closely imitated the official app, with matching interface elements and functionalities. The malicious copies even included app descriptions in the intended language and images similar to those on the official Telegram page. Users were enticed to believe they were downloading the real Telegram app only to fall victim to the spyware’s data collection mechanisms.

Upon investigation, cybersecurity researchers discovered that the infected apps were actually modified versions of the genuine apps. The key difference was the inclusion of an additional module within the code, designed to monitor user activity within the messenger. This data was then dispatched to the command-and-control server operated by the spyware creators. Unfortunately, the additional module managed to avoid detection by Google Play moderators, allowing the malicious apps to be downloaded and used by millions of Android users.

To avoid falling victim to such scams, it is crucial to only download apps from trusted sources and carefully verify their authenticity. Google Play Store and other app marketplaces should constantly monitor for potential spyware-infected apps to ensure the safety of their users.

