Gandalf_The_Grey
Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,565
Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data.
The apps appear to be tailored for Chinese-speaking users and the Uighur ethnic minority, suggesting possible ties to the well-documented state monitoring and repression mechanisms.
The apps were discovered by Kaspersky, who reported them to Google. However, at the time the researchers published their report, several malicious apps were still available for download through Google Play.
Dangers of modded messaging apps
Late last month, ESET warned about two trojanized messaging apps, Signal Plus Messenger and FlyGram, promoted as more feature-rich versions of the popular open-source Signal and Telegram apps.
Now removed from Google Play and the Samsung Galaxy Store, those apps contained the BadBazaar malware that allowed their operators, the Chinese APT 'GREF,' to spy on their targets.
Earlier this year, ESET discovered two dozen Telegram and WhatsApp clone sites distributing trojanized versions of the popular messaging apps, also targeting Chinese-speaking users.
Users are recommended to use the genuine versions of messaging apps and avoid downloading forked apps that promise enhanced privacy, speed, or other features.
Google has been unable to stop these malicious uploads mainly because the publishers introduce malicious code via post-screening and post-installation updates.
In July, the tech giant unveiled a strategy to implement a business verification system on the Google Play store starting on August 31st, 2023, aiming to enhance security for Android users.

'Evil Telegram' Android apps on Google Play infected 60K with spyware
Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data.