Modified version of Telegram app on Android can steal your data – all you want to know

New Delhi: Cyber-security researchers on Friday revealed a modified version of popular messaging app Telegram on Android that has been found to be malicious and can steal your data.

According to the mobile research team of cyber-security firm Check Point, malware within a malicious app can sign up a victim for various paid subscriptions, make in-app purchases and steal login credentials.

The malicious app was detected and blocked by Harmony Mobile. Despite being innocuous in appearance, this modified version contains malicious code associated with the Trojan Triada.


“This Triada Trojan, first observed in 2016, is a modular backdoor for Android that grants administrator privileges to download other malware,” the report said.

Modified versions of mobile apps may offer additional features and customizations, lower prices, or be available in a wider range of countries than their original apps.

Their offer can be attractive enough to entice gullible users to install them through unofficial external application stores.

“The risk of installing modified versions comes from the fact that it is impossible for a user to know exactly what changes were made to the application code. To be more precise – it is unknown what code was added and whether it has any malicious intent,” the team noted.

The malware disguises itself as Telegram messenger version 9.2.1.

It has the same package name (org.telegram.messenger) and the same icon as the original Telegram application.
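Because the package name and icon match the original, the signing certificate is what separates a repackaged build from the genuine one. The following added example (not from the Check Point report) compares the digest printed by `apksigner verify --print-certs` with a pinned digest; the pin and the sample tool outputs are constructed placeholders, and `assess` and its verdict strings are hypothetical names.

```python
import re

# Constructed placeholder pin (NOT Telegram's real certificate digest). Replace it
# with the digest printed for a copy of the app obtained from an official source.
PINNED_CERTS = {"org.telegram.messenger": "aa" * 32}

def parse_badging(badging: str):
    """Return (package, versionName) from `aapt dump badging` output."""
    m = re.search(r"^package: name='([^']+)'.*?versionName='([^']*)'", badging, re.M)
    return (m.group(1), m.group(2)) if m else (None, None)

def parse_cert_digests(print_certs: str):
    """Return the signer SHA-256 digests from `apksigner verify --print-certs`."""
    found = re.findall(r"certificate SHA-256 digest:\s*([0-9a-fA-F]{64})", print_certs)
    return {d.lower() for d in found}

def assess(badging: str, print_certs: str, pins=PINNED_CERTS) -> str:
    """Classify an APK by package name and signer digest (hypothetical verdicts)."""
    package, _version = parse_badging(badging)
    digests = parse_cert_digests(print_certs)
    if package not in pins:
        return "no-pin"        # nothing to compare against
    if not digests:
        return "no-signer"     # unsigned, or the tool output could not be parsed
    if digests != {pins[package].lower()}:
        return "repackaged"    # familiar package name, unfamiliar signer
    return "matches-pin"

# Constructed sample tool output; the version code and digests are made up.
BADGING = "package: name='org.telegram.messenger' versionCode='1' versionName='9.2.1'\n"
OFFICIAL_CERTS = (
    "Signer #1 certificate DN: CN=Constructed Official Signer\n"
    "Signer #1 certificate SHA-256 digest: " + "aa" * 32 + "\n"
)
MODIFIED_CERTS = (
    "Signer #1 certificate DN: CN=Constructed Unknown Signer\n"
    "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n"
)

if __name__ == "__main__":
    for label, certs in (("official", OFFICIAL_CERTS), ("modified", MODIFIED_CERTS)):
        print(label, parse_badging(BADGING), assess(BADGING, certs))
```

Both samples report the same package name and version, so only the digest comparison tells them apart.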

Upon launch, the user is presented with the Telegram authentication screen, asked to enter the device phone number and grant the application phone permissions.

The researchers said, “This flow resembles the actual authentication process of the native Telegram messenger application. The user has no reason to suspect that anything out of the ordinary is happening on the device.”

The malware gathers device information, sets up a communication channel, downloads a configuration file, and waits to receive a payload from a remote server.

Its malicious capabilities include signing up the user for various paid subscriptions, making in-app purchases using the user’s SMS and phone number, displaying advertisements (including invisible ads that run in the background), and stealing login credentials and other user and device information.

“Always download your apps from trusted sources, be it official websites or official app stores and repositories. Verify who is the author and creator of the app before downloading. Read comments and feedback from previous users before you download,” the team said.