After targeting WhatsApp, hackers are now taking advantage of the growing popularity of Telegram and Signal to spread their dangerous viruses.
In the last two years, the alternative messaging apps to WhatsApp have experienced a real boom: WhatsApp indeed remains the leader, with over 2 billion users in the world, but Signal and, above all, Telegram have proliferated with, respectively, over 50 and over 800 million users.
No wonder, then, that these popular apps are exploited, like WhatsApp, to deceive users and carry dangerous viruses. The confirmation comes from Lukas Stefanko, a well-known security analyst at Eset, who discovered two versions of Telegram and Signal infected, both present on both the Google Play Store and the Samsung Galaxy Store.
Telegram And Signal, The Dangerous Versions
Stefanko discovered two clone apps of Telegram and Signal, FlyGram and Signal Plus Messenger, which promised additional features over the standard ones.
The cybercriminals’ trick is already known and is the same as in the past with WhatsApp clone apps, such as WhatsApp Pink, YoWhatsApp, GB WhatsApp, and other similar apps: tricking app users into accessing their profile and, through it, the entire phone.
How FlyGram And Signal Plus Messenger Work
FlyGram and Signal Plus Messenger promise additional functions for Telegram and Signal for free and for everyone. Still, they are nothing more than the open-source versions of the two apps with slight aesthetic changes.
With the malware inside, the Eset researcher has found the code of a virus of the BadBazaar family in the two apps, already known for several months and developed by the Chinese hacker collective GREF.
It is a hazardous virus because it takes possession of the user’s Telegram or Signal profile himself, noticing it.
In this way, BadBazaar allows you to spy on users sneakily; in fact, the virus was developed in China to spy on activists of the Uyghur and Turkish minorities.
FlyGram can extract essential information and sensitive data, such as contact lists, call logs, and Google account lists. In addition, the app can exfiltrate some information and settings related to Telegram.
Signal Plus Messenger behaves similarly, but its primary goal is to spy on the victim’s communications via Signal: it can extract Signal’s PIN that protects the account and abuses the device’s linking feature that allows users to connect Signal Desktop and Signal iPad to their phones.
While such viruses had already been discovered in the past, as far as Signal is concerned, it is the first report of this kind.
How To Defend Yourself From BadBazaar
Eset reported both infected apps to Google and Samsung and soon removed them from the Play Store and Galaxy Store.
This is usually enough for the phones on which these apps have been installed to proceed with automatic deletion. However, since sometimes it may not happen, it is always best to check the list of installed apps.
If there should be FlyGram or Signal Plus Messenger (or both), you must remove the infected app manually and possibly do a deep virus scan with a security suite for Android.
Also Read: How To Design A Profile On LinkedIn?
