Millions of people have been infected by spyware hidden in fake Telegram apps on Google Play.
According to The Hacker News, spyware pretending to be a modified version of Telegram has been discovered in the Google Play store, which was developed to collect information from compromised Android devices.
security expert, Igor Golovin, Kaspersky said these malware have features to collect and filter names, user IDs, contacts, phone numbers, and messages and send them to servers controlled by hackers. This activity has been codenamed Evil Telegram by the company. These apps were downloaded a total of millions of times before being taken down by Google.
It’s worth noting that the package name associated with the Play Store version is “org.telegram.messenger”, while the package name for the APK file downloaded from the website is “org.telegram.messenger.web”. The malware uses the extensions “wab”, “wcb” and “wob” to create confusion and impersonate the legitimate Telegram application.
Kaspersky said that at first, these applications appear to be complete copies of secure messaging applications with interfaces tailored to each country. But there is a small difference that Google Play moderators did not notice: the infected versions contain an additional module
The announcement comes days after ESET said the BadBazaar malware campaign took advantage of a phishing version of Telegram to accumulate message backups. The Telegram and WhatsApp copycat apps were discovered by the Slovak cybersecurity company in March 2023, equipped with a clipper function to block and modify wallet addresses in messages and redirect cryptocurrency transfers to wallets caused by messages
