Google removes fake Signal and Telegram apps hosted on Play

Google removes fake Signal and Telegram apps hosted on Play | Enterprise Wired


Researchers discovered bogus apps for the Signal and Telegram communications services in Google Play on Wednesday, according to reports. When users performed specific activities, the malicious apps could steal messages or other private information from legitimate accounts.

Google removed a Signal Plus Messenger app from Play last April after receiving a tip from security company ESET. Before that, the software had been available on Play for nine months and had been downloaded there about 100 times. It was also accessible on signal plus[.]org, a dedicated website that resembled the original Signal.org, and on the Samsung app store. Meanwhile, the same threat actor also developed the FlyGram app, which was available through the same three channels. Google took it down from Play.

Trojan has been connected to the GREF hacking gang

Both applications were created using open source technology from Signal and Telegram. An intelligence gathering mechanism known as BadBazaar was incorporated into that code. The Trojan has been connected to the GREF hacking gang, which is associated with China. Uyghurs and other Turkic ethnic minorities have historically been targeted by BadBazaar. A Uyghur Telegram group also disseminated the FlyGram malware, further connecting it to prior BadBazaar malware family targets.

If users connected their infected smartphone to their real Signal number, as is typical when someone initially installs Signal on their device, Signal Plus could monitor sent and received messages as well as contacts.

When this happened, the malicious app sent the attacker a ton of personal data, including the device’s IMEI number, phone number, MAC address, operator information, location data, Wi-Fi information, emails for Google accounts, contact information, and, in the event that one had been set up by the user, a PIN used to send texts.

Exclusively for specifically targeted people

The creators of Signal have been alerted to this weakness by ESET Research. Threat actors can modify the code of any messaging app and advertise it in a fraudulent or misleading way, according to the encrypted messaging service. In this scenario, if the official Signal clients were to show a notification every time a new device is linked to the account, the fake Signal and Telegram client could easily block that code path to avoid the warning and stay hidden.

Downloading only authentic versions of such programs, only from official sources, is the best way to avoid falling prey to a fake Signal—or any other malicious messaging app.

According to the information previously given by the malware to the C&C server, the server hasn’t returned to the device a URI for linking throughout our research, indicating this is likely enabled exclusively for specifically targeted people.
