Android phones under risk of fake Telegram, Signal apps on Google Play Store

Written By DNA Web Team | Updated: Sep 12, 2023, 10:21 AM IST

Android phone

At first glance, these apps appear to be full-fledged Telegram clones with a localised interface. Everything looks and works almost the same as the real thing, according to the researchers.

Telegram and Signal are among the most used WhatsApp rivals and are used by millions of users. Although these messaging platforms function very similarly, there are a few features that set them apart from each other. Although Telegram and Signal are not as famous as Meta owned WhatsApp, the apps are still used by many Android users. The apps are available on Google Play Store and fraudsters are taking advantage of that to infect phones with similar looking apps. As per cybersecurity researchers at Kaspersky, several spyware-infected versions of Telegram and Signal on the Google Play Store, designed to gather sensitive information from compromised Android devices.

These bogus apps include nefarious features that capture and send names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The activity has been codenamed "Evil Telegram" by the researchers.

"Our experts discovered several infected apps on Google Play under the guise of Uyghur, Simplified Chinese and Traditional Chinese versions of Telegram. The app descriptions are written in the respective languages and contain images very similar to those on the official Telegram page on Google Play," the researchers said.

Moreover, the report said that to convince users to download these fake apps instead of the official app, the developer claims that they work faster than other clients thanks to a distributed network of data centres around the world.

At first glance, these apps appear to be full-fledged Telegram clones with a localised interface. Everything looks and works almost the same as the real thing, according to the researchers.

The researchers then looked inside the code and found the apps to be little more than slightly modified versions of the official one. 

They found a small difference that escaped the attention of the Google Play moderators -- the infected versions house an additional module, which constantly monitors what’s happening in the messenger and sends masses of data to the spyware creators’ command-and-control server, the report mentioned. Before Google took the apps down, they had been downloaded millions of times. (with IANS inputs)