A Chinese hacker group is accessing the data of users using copies of well-known messenger services that look deceptively real. This was discovered by experts from security company Eset.
The apps are the “Signal Plus Messenger” and “FlyGram” programs, it says. The applications are brutal copies of the well-known chat services Signal and Telegram. However, they served only one purpose: to intercept user content such as private messages, contact details, and call logs.
oppression of the Uighurs
Using the apps would install spy software on the users’ smartphones, “previously used to suppress Uighurs and other minorities in China,” Eset reports.
The two bugs, disguised as legitimate apps, have long been available through the official app stores Google Play and Samsung Galaxy Store. Both applications are still available from Samsung.
Particularly insidious: the spy apps had the same functions as the original apps. Users could write messages and send photos in the normal way without arousing suspicion.
How does it work?
Very easy. Since the popular Signal and Telegram apps are open source applications, anyone can theoretically view and modify their program code.
The Chinese hackers took advantage of this and added their own malicious code to the programs. They then published the manipulated apps in the Google and Samsung app stores.
When you launch, the app behaves normally. However, there are processes running in the background that users do not notice. For example, when the “Signal Plus Messenger” application is launched, the malware connects to the hackers’ servers, Eset reports. “FlyGram” has access to Telegram backups.
Who is affected?
According to Eset, thousands of users worldwide are affected, especially Android devices in Europe – “especially Germany and Poland”. The malware is also active in Australia, South America, Africa, and the Americas.
Eset advises: “When installing messenger services and other apps, users should always pay attention to the developer or company behind the service.” In case of doubt, the choice should always be with the official manufacturer.
Sources
- eset.com: Fake apps from China spy on German Signal and Telegram users
- welivesecurity.com: BadBazaar: Android spyware trojanized Signal and Telegram apps
(t-online/dsc)
Source: Watson
I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
