City
Epaper

New China-linked spyware targets Android users via fake Signal, Telegram apps

By IANS | Updated: September 4, 2023 12:00 IST

New Delhi, Sep 4 Cybersecurity researchers have discovered malicious Signal and Telegram Android apps distributed via the Google ...

Open in App

New Delhi, Sep 4 Cybersecurity researchers have discovered malicious Signal and Telegram Android apps distributed via the Google Play Store and Samsung Galaxy Store designed to deliver the China-linked "BadBazaar" spyware, a new report has revealed.

According to cybersecurity company ESET, the threat actors behind the malicious tool are the China-aligned APT group GREF.

The malicious Signal and Telegram apps hackers were using to infect users' devices are 'Signal Plus Messenger' and 'FlyGram'.

"Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," said security researcher Lukas Stefanko.

The purpose of these trojanized apps is to exfiltrate user data. Specifically, FlyGram can extract basic device information, but also sensitive data, such as contact lists, call logs, and the list of Google Accounts.

FlyGram can access Telegram backups if the user enabled a specific feature added by the attackers; the feature was activated by at least 13,953 user accounts, the report said.

Signal Plus Messenger collects similar device data and sensitive information; however, its main goal is to spy on the victim's Signal communications - it can extract the Signal PIN number that protects the Signal account and abuses the link device feature that allows users to connect Signal Desktop and Signal iPad to their phones.

Previously, the BadBazaar malware was used to target Uyghurs and other Turkic ethnic minorities.

FlyGram malware was also seen shared in a Uyghur Telegram group, which aligns with previous targeting of the BadBazaar malware family, according to the report.

Victims have been found primarily in Germany, Poland, and the US, with victims also discovered in Ukraine, Australia, Brazil, Denmark, Congo-Kinshasa, Hong Kong, Hungary, Lithuania, the Netherlands, Portugal, Singapore, Spain, and Yemen.

"Both Signal Plus Messenger and FlyGram are slightly different variants of BadBazaar that focus on user data exfiltration and espionage. However, it’s important to note that each of them possesses unique malicious functionalities," Stefanko said.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor

Tags: congresspitrodadelhimodideepikabjpwest-bengaldeepika-padukoneajay-devgnthakur
Open in App

Related Stories

NationalITC Scam: ED Raids 12 Locations Across Maharashtra, Jharkhand, and West Bengal in ₹750 Crore Fraud Probe

NationalKolkata Horror: Nursing Home Staffer Molests Semi-Conscious Patient, Arrested

NationalSuvendu Adhikari Convoy Attack: Seven Arrested for Assaulting West Bengal LoP's Car with Rods and Sticks in Cooch Behar

NationalDelhi: 8 Accused in Vehicle Theft Cases Arrested During Police Patrolling, Stolen Scooters and Bikes Recovered

NationalCity Living Redefined: The Rise of Used Cars in Delhi’s Lifestyle Trends

Technology Realted Stories

TechnologyUS tariff hike to impact only 4.8 per cent of India’s total exports

TechnologyNew stations, policy reforms, FDI boost gas-based economy in India: Minister

TechnologyIndia's supply chain and logistics sector gears up for global leadership

TechnologyInstagram rolls out new 'Repost', 'Interactive Map', and 'Friend Tab' features

TechnologyMyntra sees 20 pc growth in handloom demand, boosts role as platform for India’s artisan, textile heritage