Malicious Android Telegram clones found on Google Play
The apps, which promised to be faster than the original (and only) Telegram app, looked virtually identical upon launch, however researchers found key differences in their codes.
Telegram is popular across the world, especially in China, because authorities cannot access the encrypted messages and thus users are typically protected from exfiltration.
Fake Telegram apps
With such minimal changes compared with the genuine app, these fakes were able to slip past Google’s security checks and find their way onto victim’s phones.
Key changes to the code mean that the personal information of a user’s contacts can be accessed, which includes their IDs, nicknames, names, and phone numbers. The spoof apps can also collect the contents, chat/channel titles and IDs of messages, as well as a sender’s name and ID from incoming messages.
Kaspersky researcher Igor Golovin says: “…the apps described in this article come from a class of full-fledged spyware targeted at users from a specific locale.”
Specifically, it’s China that looks to be under attack by these fakes. The country has in recent years been accused of mass surveillance and repression of its Muslim ethnic minorities, including Uyghurs and Kazakhs, and some believe the apps could have been deployed for this reason.
Google today confirmed that the five apps, including one that had amassed more than 10 million downloads, have now been removed from the Play Store. The Android maker is regularly criticized over the proliferation of malware, spyware, and other malicious apps on its marketplace.
There are some steps that users can take to protect themselves from fake apps, such as only downloading from reputable sources, and even then, running further checks such as the developer name. Keeping app and OS versions up-to-date is also vital for weeding out vulnerabilities.
A Google spokesperson told TechRadar Pro: “We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. All of the reported apps have been removed from Google Play and the developers have been banned. Users are also protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services.”