New malicious apps are targeting users of the instant messaging platforms Telegram and Signal on Android devices, according to new discoveries from cybersecurity firm ESET.
According to the company’s security researchers, the party behind these attacks has created fake versions that mimic Telegram and Signal applications, and put them in the Google Play Store, adding the word “plus” or “premium” in order to deceive users that these versions offer additional features.
These applications reached users’ devices by downloading them from external websites, or official application repositories such as the Google Play Store or the Samsung Galaxy Store.
The two stores removed the fake messaging apps after security reports spread about them.
These fake applications infected users’ devices with the BadBazaar spyware, a malicious code that was first discovered in November 2022, where researchers noticed that it was used to target the Uyghur community in China, according to a report published by The Hacker News, a cybersecurity website.
These malicious applications are designed to steal sensitive data from users’ devices, including call logs, SMS, geolocations, etc., in addition to stealing data from the original Signal and Telegram applications such as PIN verification code and chat backups.
Telegram users are frequently attacked by security, but this may be the first time users have targeted Signal, which focuses on delivering an instant messaging experience that enhances users’ security and privacy.
It is worth noting that this attack has nothing to do with the original versions of messaging apps, as their owners will remain safe as long as they do not carry any fake versions.
According to security reports, the victims were distributed in various countries around the world, such as the United States and some European and Asian countries.