Malicious versions of the Signal and Telegram Android apps have been discovered on the Google Play Store and Samsung Galaxy Store, with the intention of delivering the China-linked "BadBazaar" spyware, according to cybersecurity researchers. ESET, a cybersecurity company, revealed that the threat actors responsible for these malicious apps are associated with the China-aligned APT group known as GREF.
The tainted Signal and Telegram apps, named 'Signal Plus Messenger' and 'FlyGram,' have been active since July 2020 and July 2022, respectively. Both campaigns distributed the Android BadBazaar espionage code through legitimate app stores as well as dedicated websites set up to promote the malicious apps.
The primary purpose of these Trojanized apps is to extract user data. FlyGram can collect basic device information and sensitive data like contact lists, call logs, and Google Account details. If a specific feature added by the attackers is enabled, FlyGram can also access Telegram backups, a feature that was activated by at least 13,953 user accounts.
Signal Plus Messenger collects similar device data and sensitive information, but its primary goal is to spy on Signal communications. It can extract the user's Signal PIN and abuse the 'link device' feature, which normally connects Signal Desktop and Signal for iPad to a user's phone, to silently link an attacker-controlled device to the victim's account.
Notably, the BadBazaar malware has previously been used to target Uyghurs and other Turkic ethnic minorities. FlyGram malware was also identified in a Uyghur Telegram group, aligning with past instances of BadBazaar malware targeting.
Victims of these malicious apps have primarily been identified in Germany, Poland, and the US, with additional victims found in Ukraine, Australia, Brazil, Denmark, Congo-Kinshasa, Hong Kong, Hungary, Lithuania, the Netherlands, Portugal, Singapore, Spain, and Yemen.
"Both Signal Plus Messenger and FlyGram are slightly different variants of BadBazaar that focus on user data exfiltration and espionage. However, it’s important to note that each of them possesses unique malicious functionalities," explained security researcher Lukas Stefanko.
This discovery underscores the ongoing challenges in identifying and combatting sophisticated cyber threats that leverage legitimate platforms to distribute malware, posing significant risks to user data and privacy.
Inputs from IANS