Cybersecurity researchers recently uncovered a concerning discovery regarding a modified iteration of the widely-used messaging application, Telegram, specifically designed for Android devices. This modified version has been identified as malicious, posing a significant threat to users’ data security as it is capable of unauthorized data theft.
Modified Telegram app with malware
The cybersecurity team at Check Point discovered that the malware present in the malicious app can force victims into paid subscriptions, make unauthorized purchases within the app, and steal their login details.
The malicious app was detected and blocked by Harmony Mobile. Although it looked innocent, this modified version was embedded with malicious code linked to the Trojan Triada.
The team highlighted that the danger of installing modified versions lies in the user’s inability to determine the exact modifications made to the application code, including any potentially malicious additions or intentions.
It has the identical package name (org.telegram.messenger) and the same icon as the original Telegram application.
When the app is opened, the user is prompted with the Telegram authentication screen, where they are required to provide their device phone number and grant the app permission to access the phone.
The malware collects device details, establishes a communication channel, downloads a configuration file, and then waits to receive the payload from a remote server.
The team advised users to consistently obtain their apps from reliable sources such as official websites, authorized app stores, and repositories. They emphasized the importance of verifying the app’s author and creator before downloading and recommended reading comments and feedback from previous users as a precautionary measure.