Google removes fake Signal and Telegram apps hosted on Play

Google removes fake Signal and Telegram apps hosted on Play | Enterprise Wired


Researchers discovered bogus apps for the Signal and Telegram communications services in Google Play on Wednesday, according to reports. When users performed specific activities, the malicious apps could steal messages or other private information from legitimate accounts.

Before Google removed a Signal Plus Messenger app from Play last April after receiving a tip from security company ESET, the software had been available on Play for nine months and had been downloaded there about 100 times. It was also available on signalplus[.]org, a dedicated website that resembled the original Signal.org, and on the Samsung app store. The same threat actor also developed the FlyGram app, which was distributed through the same three channels. Google took it down from Play.

Trojan has been connected to the GREF hacking gang

Both applications were created using open source technology from Signal and Telegram. An intelligence gathering mechanism known as BadBazaar was incorporated into that code. The Trojan has been connected to the GREF hacking gang, which is associated with China. Uyghurs and other Turkic ethnic minorities have historically been targeted by BadBazaar. A Uyghur Telegram group also disseminated the FlyGram malware, further connecting it to prior BadBazaar malware family targets.

If users connected their infected smartphone to their real Signal number, as is typical when someone initially installs Signal on their device, Signal Plus could monitor sent and received messages as well as contacts.

When this happened, the malicious app sent the attacker a ton of personal data, including the device’s IMEI number, phone number, MAC address, operator information, location data, Wi-Fi information, emails for Google accounts, contact information, and, in the event that one had been set up by the user, a PIN used to send texts.

Exclusively for specifically targeted people

The creators of Signal have been alerted to this weakness by ESET Research. Threat actors can modify the code of any messaging app and advertise it in a fraudulent or misleading way, according to the encrypted messaging service. In this scenario, if the official Signal clients were to show a notification every time a new device is joined to the account, the fake Signal and Telegram client could easily block that code path to avoid the warning and hide.

Downloading only authentic versions of such programs, only from official sources, is the best way to avoid falling prey to a fake Signal—or any other malicious messaging app.

According to the information previously given by the malware to the C&C server, the server hasn’t returned to the device a URI for linking throughout our research, indicating this is likely enabled exclusively for specifically targeted people.
