- September 11, 2023
- Posted by: administrator
- Category: Social Media
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices.
According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server.
The activity has been code named Evil Telegram by the Russian cybersecurity company.
It’s worth noting that the package name associated with the Play Store version of Telegram is “org.telegram.messenger,” whereas the package name for the APK file directly downloaded from Telegram’s website is “org.telegram.messenger.web.”
The use of “wab,” “wcb,” and “wob” for the malicious package names, therefore, highlights the threat actor’s reliance on typosquatting techniques in order to pass off as the legitimate Telegram app and slip under the radar.
“At first glance, these apps appear to be full-fledged Telegram clones with a localized interface,” the company said. “Everything looks and works almost the same as the real thing. [But] there is a small difference that escaped the attention of the Google Play moderators: the infected versions house an additional module:”
The disclosure comes days after ESET revealed a BadBazaar malware campaign targeting the official app marketplace that leveraged a rogue version of Telegram to amass chat backups.
Similar copycat Telegram and WhatsApp apps were uncovered by the Slovak cybersecurity firm previously in March 2023 that came fitted with clipper functionality to intercept and modify wallet addresses in chat messages and redirect cryptocurrency transfers to attacker-owned wallets.
NOTE:: This article is copyright by thehackernews.com and we are using it for educational or Information purpose on