StrongPity hackers target Android users via trojanized Telegram app
The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor.
Once installed, this app enables the hackers to conduct espionage on the targeted victims, including monitoring phone calls, collecting SMS texts, and grabbing contact lists.
The Android app is signed with the same certificate the APT used to sign an app that mimicked the Syrian e-gov Android application in a 2021 campaign.
The malicious Android application distributed by StrongPity is an APK file named "Video.apk": the standard Telegram v7.5.0 app, modified to impersonate a Shagle mobile app.
One drawback of using Telegram as the basis for the hacking group's fake app is that if the victim already has the real Telegram app installed on their phone, the backdoored version won't be installed.
Currently, the API ID used in the captured samples has been limited due to overuse, so the trojanized app will no longer accept new user registrations; hence, the backdoor won't work.