Security News > 2020 > October > Beware: New Android Spyware Found Posing as Telegram and Threema Apps

Beware: New Android Spyware Found Posing as Telegram and Threema Apps
2020-10-01 03:35

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware.

"Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features, such as dismissing notifications from built-in Android security apps," cybersecurity firm ESET said in a Wednesday analysis.

The latest version of the spyware detailed by ESET expands on these features, including the ability to collect information from social media and messaging apps via screen recording and screenshots, and even capture incoming and outgoing calls in WhatsApp and read the text of notifications from social media apps, including WhatsApp, Viber, Facebook, Skype, and Messenger.

The infection begins when a victim visits a fake Android app store called "DigitalApps," and downloads apps such as Telegram, Threema, and weMessage, suggesting that the group's motivation behind impersonating messaging apps is to "Justify the various permissions requested by the malware."

Apps downloaded from fraudulent third-party app stores has been a conduit for Android malware in recent years.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/DY7a-k-Hk4k/android-mobile-hacking.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Telegram 6 2 23 8 2 35