Beware: Malicious Telegram Variants on Google Play

Malicious Telegram variants for Android have appeared on Google Play. Learn how to spot them and avoid the security risks.

Malicious Telegram variants have been found on Google Play. They pose as modified versions of Telegram and are designed to collect private data from infected Android devices.

Igor Golovin, a security researcher with Kaspersky, claims that the apps have malicious capabilities that allow them to collect and transmit names, user IDs, contacts, phone numbers, and chat messages to a server under the control of an attacker.

The Russian cybersecurity company has given the operation the codename “Evil Telegram.”

Before Google removed them, the apps had been downloaded millions of times overall. The penultimate app on the list is called “Telegram – TG Uyghur,” making it apparent that the Uyghur group is being specifically targeted.

It’s important to note that while the APK file directly downloaded from Telegram’s website has the package name “org.telegram.messenger.web,” the Play Store version of the messaging app has the package name “org.telegram.messenger.”

The use of “wab,” “wcb,” and “wob” in the malicious package names highlights the threat actor’s reliance on typosquatting to pose as the genuine Telegram app and evade detection.
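A defender can turn the package-name detail above into a check over a device's package inventory. The following is an added example, not code from Kaspersky or from the article: it flags names within a small edit distance of the two legitimate Telegram package names. The sample inventory is constructed (the lookalike entries substitute the suffixes the article mentions for "web"), and the distance threshold of 2 is an assumption.

```python
# Legitimate package names, as given in the article.
LEGITIMATE = {"org.telegram.messenger", "org.telegram.messenger.web"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def parse_pm_list(output: str) -> list[str]:
    """Extract names from `pm list packages` output ("package:<name>" lines)."""
    return [line.strip()[len("package:"):] for line in output.splitlines()
            if line.strip().startswith("package:")]

def find_lookalikes(packages, max_distance=2):
    """Return (package, imitated_name, distance) for near-miss names."""
    hits = []
    for pkg in packages:
        if pkg in LEGITIMATE:
            continue  # exact match on a genuine package name
        name, dist = min(((legit, edit_distance(pkg, legit))
                          for legit in sorted(LEGITIMATE)),
                         key=lambda pair: pair[1])
        if dist <= max_distance:
            hits.append((pkg, name, dist))
    return hits

# Constructed sample inventory (not taken from a real device).
SAMPLE = """\
package:com.example.notes
package:org.telegram.messenger
package:org.telegram.messenger.web
package:org.telegram.messenger.wab
package:org.telegram.messenger.wcb
package:org.telegram.messenger.wob
package:org.telegram.mesenger
"""

if __name__ == "__main__":
    for pkg, legit, dist in find_lookalikes(parse_pm_list(SAMPLE)):
        print(f"SUSPICIOUS {pkg} (distance {dist} from {legit})")
```

A hit is a lead for review rather than a verdict, and an exact name match does not prove an app is genuine; confirming the signing certificate is the stronger check.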

The business claimed that these applications “at first glance appear to be complete Telegram clones with a localized interface.” “Everything appears to operate almost exactly like the genuine thing. There is a minor distinction, however, that the Google Play censors missed: the infected versions contain an extra module.”

The information was made public days after ESET identified a malware campaign called BadBazaar that was aimed at the official app store and used a fake version of Telegram to gather chat backups.

The Slovak cybersecurity firm previously discovered similar knockoff Telegram and WhatsApp apps in March 2023 that were equipped with clipper capabilities to capture and change wallet addresses in chat conversations and reroute cryptocurrency transfers to attacker-owned wallets.
