Security News > 2023 > September > Fake Signal and Telegram Apps in the Google Play Store
An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.
An app calling itself FlyGram was created by the same threat actor and was available through the same three channels.
Both apps were built on open source code available from Signal and Telegram.
Interwoven into that code was an espionage tool tracked as BadBazaar.
Signal Plus could monitor sent and received messages and contacts if people connected their infected device to their legitimate Signal number, as is normal when someone first installs Signal on their device.
Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.