

A cyber espionage group created a corrupted version of Telegram that, once installed, gave attackers control over many of the operations carried out on the infected device.

If you use Telegram, be careful with this Trojan: it pretends to be the app to steal your data
A corrupted version of Telegram installs a Trojan on Android phones.

Malware on Android has never ceased to be a threat. At Andro4all we have previously talked about the most dangerous today, while others like BRATA appear and disappear from time to time. In this case, we are going to deal with malware created by a group considered by experts to be a persistent threat.

The group is called StrongPity and, as reported by The Hacker News, it has created a version of Telegram for Android that contains a Trojan. Apparently, this corrupted version is distributed via a cloned version of the Shagle web video calling service.

This is what this “fake Telegram” does on our phone

If we install the corrupted version of the application on our phone, we will be giving attackers full access to our device. Through a backdoor, and thanks to its encryption, the Trojan can record phone calls, track location, and harvest SMS messages, call logs, contact lists, and files.

In addition, if the malware is granted permission to use the accessibility options, it will be able to read notifications and messages from other applications. Among them are Kik, LINE, Facebook Messenger, Skype, Snapchat, Tinder, Twitter, Viber, WeChat and, obviously, Telegram.

Installation message of the corrupted version of Telegram

Another notable aspect of this attack is that the corrupted version of the Telegram APK shares its package name with the legitimate version. This is an advantage for devices that already have the app installed, since the contaminated installer would not be allowed to run.

According to ESET researchers, who have been closely monitoring the matter, this may mean two things: either StrongPity contacts potential victims and makes them uninstall the legitimate Telegram, or its campaign targets countries where the use of Telegram for communication is rare.
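The package-name point above can be turned into a triage check for APKs obtained outside an official store. The following Python is an added example, not code from the article or from ESET: it reads the text printed by `aapt dump badging` and `apksigner verify --print-certs` and flags an APK that uses a known package name but is not signed with the pinned certificate. The function name `classify_apk`, the package name entry, the certificate digests and the sample tool output are constructed assumptions.

```python
import re

# Constructed pin list: package name -> SHA-256 digest of the expected signing
# certificate. The digest is a placeholder, not any vendor's real certificate.
PINNED_SIGNERS = {"org.telegram.messenger": "aa" * 32}

PKG_RE = re.compile(r"^package: name='([^']+)'", re.MULTILINE)
CERT_RE = re.compile(
    r"^Signer.*certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.MULTILINE
)


def classify_apk(badging_output, certs_output, pinned=PINNED_SIGNERS):
    """Classify an APK from `aapt dump badging` and `apksigner verify --print-certs` text."""
    pkg = PKG_RE.search(badging_output)
    digests = {d.lower() for d in CERT_RE.findall(certs_output)}
    if pkg is None or not digests:
        return "unparseable"  # missing package line or no verified signer
    expected = pinned.get(pkg.group(1))
    if expected is None:
        return "unknown-package"  # nothing pinned for this package name
    # Same package name is not proof of origin: the signer must match the pin.
    return "signer-matches" if digests == {expected.lower()} else "impersonation"


# Constructed sample tool output (not taken from any real APK).
SAMPLE_BADGING = (
    "package: name='org.telegram.messenger' versionCode='1' versionName='1.0'\n"
)
SAMPLE_CERTS_GOOD = (
    "Signer #1 certificate DN: CN=Example\n"
    "Signer #1 certificate SHA-256 digest: " + "aa" * 32 + "\n"
)
SAMPLE_CERTS_BAD = (
    "Signer #1 certificate DN: CN=Example\n"
    "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n"
)

if __name__ == "__main__":
    print(classify_apk(SAMPLE_BADGING, SAMPLE_CERTS_GOOD))
    print(classify_apk(SAMPLE_BADGING, SAMPLE_CERTS_BAD))
```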

It is difficult to know the magnitude of the attack

At the time of writing, the fake Shagle website from which the distribution was made is no longer active. ESET researchers say the targets must have been very specific, as no telemetry data exists to provide additional information.

In addition, there is no proof that the corrupted APK made it to Google Play. It is not known how the victims were led to the distribution platform. It is speculated that some type of social engineering, fraudulent advertisements or even search engine poisoning was used.
