'Evil Telegram' Android apps on Google Play infected 60K with spyware


Level 79
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data.

The apps appear to be tailored for Chinese-speaking users and the Uighur ethnic minority, suggesting possible ties to the well-documented state monitoring and repression mechanisms.

The apps were discovered by Kaspersky, who reported them to Google. However, at the time the researchers published their report, several malicious apps were still available for download through Google Play.
Dangers of modded messaging apps

Late last month, ESET warned about two trojanized messaging apps, Signal Plus Messenger and FlyGram, promoted as more feature-rich versions of the popular open-source Signal and Telegram apps.

Now removed from Google Play and the Samsung Galaxy Store, those apps contained the BadBazaar malware that allowed their operators, the Chinese APT 'GREF,' to spy on their targets.

Earlier this year, ESET discovered two dozen Telegram and WhatsApp clone sites distributing trojanized versions of the popular messaging apps, also targeting Chinese-speaking users.

Users are recommended to use the genuine versions of messaging apps and avoid downloading forked apps that promise enhanced privacy, speed, or other features.

Google has been unable to stop these malicious uploads mainly because the publishers introduce malicious code via post-screening and post-installation updates.

In July, the tech giant unveiled a strategy to implement a business verification system on the Google Play store starting on August 31st, 2023, aiming to enhance security for Android users.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.