A fake Telegram app for Android has been discovered that is loaded with malware and capable of a myriad of malicious activities.
The news was broken by cybersecurity researchers at Check Point, who say the app looks and feels like the genuine thing. However, once it is installed, malware code starts running in the background, posing as an internal application update service. The malware first gathers data on the device it has been installed on, then sets up a communications channel with its server, downloads further configurations, and waits for the payload.
The payload itself is the Triada trojan which, upon delivery, gains system privileges and injects itself into other processes on the device.
Triada
The researchers further explained that past analysis of Triada uncovered a wide range of abilities, from signing victims up for various paid subscriptions, to making in-app purchases via SMS and phone numbers, to displaying invisible and in-background ads. Triada can also steal passwords and other sensitive data from devices, they said.
The app was not found on Android’s official app repository, but rather on third-party app stores and standalone websites. The researchers say modified versions of popular apps are a common occurrence, as many of today’s top apps have different restrictions, including geographical ones. Some only have a paid version, and are thus inaccessible to many users.
However, users should refrain from downloading unofficial versions of apps as it’s almost impossible, for the majority of users, to know if there’s any malware buried deep in the app’s code.
To stay safe from such threats, the researchers advise users to always download apps from trusted sources such as official websites and official app stores. They should also verify who the app’s authors are, and read through the comments and reviews, if possible. Finally, users should be wary of any permissions newly installed apps ask for. These are usually the biggest red flag.