Cybersecurity firm Check Point has discovered a modified version of the popular messaging app Telegram. The malicious app was detected and blocked by Check Point's Harmony Mobile. The report reveals that the modified version of the app is embedded with malicious code linked to the Triada trojan.
What does the modified app do?
The malware masquerades as the latest version of Telegram Messenger, specifically version 9.2.1. It adopts the exact package name (org.telegram.messenger) and replicates the original Telegram application's icon. When the user opens the app, they are presented with the familiar Telegram authentication screen, where they are prompted to enter their device's phone number and grant phone permissions to the application.
Upon closer examination through static analysis, it becomes evident that the application harbours malicious code disguised as an internal application update service. Once the user launches the app, this hidden malware code operates surreptitiously in the background. Its primary objectives are to collect device information, establish a communication channel, retrieve a configuration file, and await the delivery of the payload from a remote server.
Once the payload is received and decrypted, the malware, known as Triada, gains elevated system privileges. These elevated privileges empower Triada to inject itself into other processes and execute a range of malicious actions.
How to protect your smartphone from malware
- Always download your apps from trusted sources, whether official websites or official app stores and repositories.
- Verify who the author and creator of the app is before downloading. You can read the comments and reactions of previous users prior to downloading.
- Be wary of the permissions requested by an installed app and whether they are actually necessary for the app's functionality.
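As an added illustration (not part of the Check Point report), the check that defeats this kind of repackaging is signer pinning: a copycat can reproduce the package name and icon, but not the publisher's APK signing certificate. The certificate bytes, fingerprints and app inventory below are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample certificate bytes standing in for DER-encoded signing
# certificates. In practice the genuine fingerprint is looked up once from an
# APK obtained via the official store (`apksigner verify --print-certs`).
GENUINE_CERT = b"constructed: legitimate publisher signing cert"
UNKNOWN_CERT = b"constructed: repackager's self-signed cert"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate, hex-encoded."""
    return hashlib.sha256(cert_der).hexdigest()

# Pinned signer fingerprints for package names worth protecting. A repackaged
# app can copy the package name and icon but cannot reproduce this signature.
PINNED_SIGNERS = {
    "org.telegram.messenger": {fingerprint(GENUINE_CERT)},
}

@dataclass
class InstalledApp:
    package: str
    version_name: str
    signer_cert: bytes  # DER bytes of the certificate that signed the APK

def audit(apps, pinned=PINNED_SIGNERS):
    """Return (package, version, fingerprint) for every app whose package
    name is pinned but whose signer is not one of the expected ones."""
    findings = []
    for app in apps:
        expected = pinned.get(app.package)
        if expected is None:
            continue  # package not pinned; nothing to compare against
        fp = fingerprint(app.signer_cert)
        if fp not in expected:
            findings.append((app.package, app.version_name, fp))
    return findings

# Constructed fleet inventory (one record per device/app pair): a genuine
# Telegram install, a repackaged "9.2.1" build like the one in the report,
# and an unrelated app whose package name is not pinned.
SAMPLE_INVENTORY = [
    InstalledApp("org.telegram.messenger", "9.2.1", GENUINE_CERT),
    InstalledApp("org.telegram.messenger", "9.2.1", UNKNOWN_CERT),
    InstalledApp("com.example.notes", "1.0", UNKNOWN_CERT),
]

if __name__ == "__main__":
    for pkg, ver, fp in audit(SAMPLE_INVENTORY):
        print(f"signer mismatch: {pkg} {ver} signed by {fp[:16]}...")
```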