You may be feeling quite safe with whatever smartphone you have, but know that hackers are constantly on the lookout to push malware onto your handset and then try and steal anything valuable that you may have there, be it data or money. The easiest way for them to do that is by duping phone users and that is mostly done by convincing them to download apps that look very useful or which promise huge benefits. These apps can even be fake versions of popular apps. And where are these available? Worryingly, they are sometimes available on stores of the biggest companies – from Google Play Store to Samsung Store or even App Store. The hackers are so good at their job that they can even escape these stores’ attempts to identify fake apps. And inside these fake apps there is malware that infects users’ phones.
This puts your personal data at risk. In a recent revelation, cybersecurity firm ESET has uncovered a devious tactic employed by hackers to infiltrate Android phones, compromising user data and conversations. Fake apps pretending to be as extensions or premium versions of popular messaging platforms Signal and Telegram have been discovered in Google and Samsung app stores, posing a significant threat to users.
Delete Signal Plus Messenger and FlyGram now!
According to a report by Tom’s Guide, these malicious apps, known as “Signal Plus Messenger” and “FlyGram,” are designed to extract sensitive information from legitimate Signal and Telegram accounts, including call logs, SMS messages, and locations when users perform specific actions. The attackers exploit the functionality that allows users to link their mobile apps with other devices, such as desktop computers or tablets, to secretly connect compromised devices to the attackers’ Signal accounts, enabling them to spy on users without their knowledge.
While both Google and Samsung have taken swift action to remove these malicious apps from their respective app stores, thousands of downloads have already occurred. “Signal Plus Messenger” had been available on the Play Store since July 2022 and was downloaded approximately 100 times before being removed in April, thanks to a tip from ESET. Similarly, “FlyGram” saw 5,000 downloads after its Play Store launch in June 2020 before being taken down the following year.
What makes this discovery particularly alarming is the stealthy “auto-linking” capability, which went largely unnoticed until now. The malicious apps were built using open-source code available from Signal and Telegram, with hackers incorporating the espionage tool known as “BadBazaar,” a Trojan used in previous attacks targeting Uyghurs and other Turkic ethnic minorities. ESET suspects that the China-aligned hacking group known as GREF is behind this campaign.
To safeguard your phone, these two steps should be followed as soon as possible:
Delete the Fake Apps: If you have either “Signal Plus Messenger” or “FlyGram” installed on your Android device, uninstall them without delay.
Regularly Check Linked Devices: Review your device settings regularly, specifically the “Linked Devices” section, to identify and remove any unrecognized or unauthorized connections.
By following these precautions and staying vigilant, you can minimize the risk of falling victim to such sophisticated cyberattacks. Ultimately, your digital security is in your hands.