In recent years, the Chinese hacker group GREF has smuggled malware-infected versions of the messenger apps Signal and Telegram into the Google Play Store and the Samsung Galaxy Store. This is what the security experts at Bleepingcomputer report. The malware was tracked down by the security company ESET. The two apps were augmented by the hackers with BadBazaar spyware, the report said.
Malware also targets German users
The malware is already known and has been used in the past to target ethnic minorities in China, according to Bleepingcomputer. However, the current version also supports users from Poland, Ukraine, Spain, Portugal, the Netherlands, the USA, Hong Kong and Germany targeted.
Versatile spyware can record phone calls
BadBazaar’s capabilities are versatile. Among other things, the spyware can steal contact lists, files and databases, take pictures with the smartphone camera and extract SMS and call logs. According to security experts, BadBazaar can also record phone conversations and pinpoint the exact location of the device.
Beware of “FlyGram” and “Signal Plus Messenger”
The two apps are called “FlyGram” and “Signal Plus Messenger” in the Google Play Store and in the Samsung Galaxy Store. According to Bleepincomputer, these are patched versions of the popular open source apps. In order to give more credibility to their applications, the hackers even set up appropriate websites with installation links.
Hackers can read live chats
According to the security experts, “FlyGram” can read call logs, contact lists, WLAN data and Google accounts. An integrated backup function also sends Telegram data to a server controlled by the hackers. The “Signal Plus Messenger”, on the other hand, focuses on the signal communication and the account PIN of its victims. The attackers can also use the fake app to link new devices to the victim’s account and read their chats live.
Apps still available in the Galaxy Store
Both apps were removed around six to nine months after they were submitted to the Google Play Store. Users of the Samsung Galaxy Store should exercise caution, however, because both apps are still available there. Security experts recommend using the original messenger apps and avoiding fork apps, even if they promise additional functions.
How to find out if malicious devices are linked to your Signal account
- Launch the original Signal app
- Go to settings
- Select the “linked devices” option
- Here you can see all devices connected to your account and you can remove them if you wish