According to new Kaspersky research, “a bunch” of Telegram lookalikes were circulating on the Google Play Store in certain territories, as part of a string of attacks that may be backed by China.
The apps, which promised to be faster than the original (and only) Telegram app, looked virtually identical upon launch, however researchers found key differences in their codes.
Telegram is popular across the world, especially in China, because authorities cannot access the encrypted messages and thus users are typically protected from exfiltration.
Fake Telegram apps stealing information
With such minimal changes compared with the genuine app, these fakes were able to slip past Google’s security checks and find their way onto victim’s phones.
Key changes to the code mean that the personal information of a user’s contacts can be accessed, which includes their IDs, nicknames, names, and phone numbers. The spoof apps can also collect the contents, chat/channel titles and IDs of messages, as well as a sender’s name and ID from incoming messages.
Kaspersky researcher Igor Golovin says: “…the apps described in this article come from a class of full-fledged spyware targeted at users from a specific locale.”
Specifically, it’s China that looks to be under attack by these fakes. The country has in recent years been accused of mass surveillance and repression of its Muslim ethnic minorities, including Uyghurs and Kazakhs, and some believe the apps could have been deployed for this reason.
Google today confirmed that the five apps, including one that had amassed more than 10 million downloads, have now been removed from the Play Store. The Android maker is regularly criticized over the proliferation of malware, spyware, and other malicious apps on its marketplace.
There are some steps that users can take to protect themselves from fake apps, such as only downloading from reputable sources, and even then, running further checks such as the developer name. Keeping app and OS versions up-to-date is also vital for weeding out vulnerabilities.
TechRadar Pro asked Google to comment on this research in particular, as well as more broadly its mechanisms for dealing with malicious apps. Any update from the company will be posted here.