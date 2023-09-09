A cybersecurity company has discovered spyware masquerading as modified versions of the popular messaging app, Telegram, on the Google Play Store. These apps were designed to collect sensitive information from compromised Android devices. The malicious applications, collectively downloaded millions of times, have been taken down by Google.

Named Evil Telegram by Kaspersky, the spyware-infected apps were able to capture and transfer user names, IDs, contacts, phone numbers, and chat messages to a server controlled by the threat actors. Some of the apps targeted the Uyghur community, evident by their names. The malicious apps utilized typosquatting techniques in their package names to resemble the legitimate Telegram app.

Despite their deceptive nature, the spyware-infected apps appeared to be legitimate Telegram clones with localized interfaces. It was difficult to distinguish them from the real Telegram app at first glance. The discovery of these spyware apps follows an earlier campaign where a rogue version of Telegram was used to gather chat backups.

It is important for users to be cautious when downloading apps, even from official app marketplaces. It is recommended to verify the developer and read user reviews before installing any application to avoid falling victim to spyware or other malicious software.

