In a recent discovery by cyber-security researchers, a modified version of the popular messaging app Telegram for Android has been identified as a malicious application capable of stealing user data. The mobile research team at cyber-security firm Check Point uncovered that the malware within this malicious app is designed to sign victims up for paid subscriptions, make unauthorized in-app purchases, and pilfer login credentials.
The malicious app, which was blocked by Harmony Mobile, has been found to contain a variant of the Trojan Triada. This modular backdoor for Android, initially detected in 2016, grants admin privileges to download additional malware. Modified versions of mobile applications often entice users with added features, customizations, lower prices, or wider availability. These appealing offers may lead unsuspecting users to install these modified versions from unofficial external application stores.
The risks associated with installing modified versions stem from the fact that users are unable to determine the changes made to the application's code. Essentially, users are in the dark about any added code and whether it possesses any malicious intent, as emphasized by the Check Point team.
ALSO READ: Microsoft Xbox Series S 1TB to go on sale from September 1 at Rs 38,990
The malware cleverly disguises itself as Telegram Messenger version 9.2.1, using an identical package name (org.telegram.messenger) and the original application's icon. Upon launching the app, users are presented with what appears to be the authentic Telegram authentication screen, where they are prompted to enter their phone number and grant the app phone permissions. This process mirrors the actual authentication procedure of the genuine Telegram Messenger app, making it difficult for users to suspect any wrongdoing.
Once activated, the malware collects device information, establishes a communication channel, downloads a configuration file, and waits to receive the payload from a remote server. Its malicious capabilities include enrolling users in paid subscriptions, conducting in-app purchases using the victims' SMS and phone number, displaying advertisements (including invisible ads running in the background), and pilfering login credentials and other critical user and device data.
To mitigate the risks associated with such threats, the research team advises users to exclusively download apps from trusted sources such as official websites, app stores, and repositories. It is crucial to verify the author and creator of an app before downloading, and reading comments and feedback from previous users can provide valuable insights.
By maintaining caution and adhering to these preventive measures, users can safeguard themselves against the potential dangers posed by malicious apps and protect their sensitive information from falling into the wrong hands.
Inputs from IANS
