
Fake Threema and Telegram apps hide Android spyware

Researchers have discovered new Android spyware that is distributed through fake messaging applications such as Threema, Telegram and WeMessage.


The spyware is said to be the creation of a hacking group specializing in espionage campaigns against military and educational institutions. The group is called APT-C-23 and has been active since at least July 2015.

The researchers found a new update of the APT-C-23 spyware, which contains new advanced features that allow it to dismiss notifications from security solutions running on Samsung, Xiaomi and Huawei devices. Thus, it can operate secretly on the victims' devices.

Android spyware is hidden in fake applications

In April 2020, the security researcher MalwareHunterTeam tweeted about an Android spyware sample that had a very low detection rate on VirusTotal. Examining the sample, ESET researchers found that it was part of the APT-C-23 malware toolkit.

In June, MalwareHunterTeam found a new sample of the same spyware hidden in a Telegram installation file available from DigitalApps, an unofficial Android store.

ESET began researching the new version and found that the spyware was also hidden in other applications available in the same store.

The spyware was also found in fake versions of Threema, a secure messaging platform, and in an application named AndroidUpdate.

According to the researchers, the fake Threema and Telegram applications were fully functional, which hid their malicious nature.


However, according to ESET, DigitalApps is not the only channel used to spread the Android spyware. The researchers also found other fake applications that were not available in that store but contained the same spyware.

"In June 2020, ESET systems blocked this spyware on customer devices in Israel. The detected malware samples appeared as WeMessage," said ESET.

However, the malware's interface differs from that of the legitimate application, which means that the attacker did not copy the original application exactly.

The new version of spyware has advanced features

The hacking group APT-C-23 is also known as Big Bang APT and Two-tailed Scorpion. The hackers develop malware for the Windows and Android platforms and mainly target users in the Middle East.

The new version of the Android spyware has many new features, such as recording calls, SMS, contacts and files of specific types (PDF, DOC, DOCX, PPT, PPTX, XLS, XLSX, TXT, JPG, JPEG, PNG), reading notifications from applications (WhatsApp, Facebook, Telegram, Instagram, Skype, Messenger, Viber) and stealing messages.

It can also mute alerts from the security applications that are built into Samsung, Xiaomi and Huawei devices.

According to Bleeping Computer, the spyware can also monitor the screen as well as incoming and outgoing calls via WhatsApp. Finally, it makes secret calls and "blackens" the screen so that the activity goes unnoticed and the phone appears to be switched off.

ESET published a report on the new spyware of APT-C-23.

Digital fortress