Delete these China-linked malicious Signal, Telegram apps from your Android smartphones

A team of researchers has discovered two Android apps that are distributed by Chinese hackers and steal users’ private data. The malicious code found in these apps is attributed to the BadBazaar malware family.

Researchers from cybersecurity company ESET spotted active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code via two apps: Signal Plus Messenger and FlyGram. The apps mimic the Signal app and an alternative Telegram app.

These apps were spotted on the Google Play store, Samsung Galaxy Store, and dedicated websites, ESET said.

How these apps are harmful

Security researchers claim that the purpose of these ‘trojanised’ apps is to exfiltrate user data. FlyGram can extract basic device information as well as sensitive data, such as contact lists, call logs, and the list of Google Accounts.

The app is capable of collecting some information and settings related to Telegram; however, this data doesn’t include the Telegram contact list, messages, or any other sensitive information.

Meanwhile, Signal Plus Messenger collects similar device data and sensitive information. Its main goal is to spy on the victim’s Signal communications – “it can extract the Signal PIN number that protects the Signal account, and misuses the link device feature that allows users to link Signal Desktop and Signal iPad to their phones.”

“Our telemetry reported detections on Android devices from Australia, Brazil, Denmark, the Democratic Republic of the Congo, Germany, Hong Kong, Hungary, Lithuania, the Netherlands, Poland, Portugal, Singapore, Spain, Ukraine, the US, and Yemen,” ESET said.

Google removes fake apps

Google has removed both apps from the Play Store; however, they were still available on the Samsung Galaxy Store until last week. Users are advised to delete these apps from their smartphones.
