Cybersecurity researchers have revealed the presence of fake Telegram apps prevalent in the Google Play Store in specific geographic areas.
According to the report published in Kaspersky’s Securelist blog, Telegram’s fake apps promoted themselves as faster than the original app, and they carry a user interface identical to the original version, but with changes in the source code.
These changes allow fake apps to access the user’s personal contact information, such as names, phone numbers, identifiers, nicknames, and more.
These apps can also collect conversation addresses, channels, and message IDs, as well as the sender’s name and ID from incoming messages.
Researchers believe these fake apps are backed by the Chinese government, as Telegram is widely popular among Muslim ethnic minorities, which the government accuses of suppressing and censoring in recent years.
The researchers identified five different fake apps, including one that had been downloaded more than 10 million times. Later after the report was published, Google deleted the five apps from the Google Play Store.
The proliferation of fake apps that carry security risks raises doubts about how apps scan and updates in the Google Play Store.
Security researchers explain the latest incident by saying that the changes in the source code of the fake apps were minor, causing them to pass the security check undetected.
The popular base of instant messaging apps such as WhatsApp and Telegram has encouraged attackers to imitate them with fake copies to hunt victims, and these apps usually spread outside of official stores.
It is always advised that applications should be downloaded from reliable sources, and not to be swayed by unofficial modified versions, as well as the need to verify the developer’s data before downloading applications from official stores.