Security News

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
2024-01-31 12:21

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to...

Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
2023-11-24 15:32

More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS...

WhatsApp rival Telegram gets Crypto wallet integration
2023-09-16 18:56

Telegram, the widely used messaging app, has unveiled an integrated crypto wallet feature, allowing users to effortlessly access their cryptocurrency holdings. The revelation came amidst the TOKEN2049 conference, where the TON Foundation and Telegram publicly announced their partnership.

Fake Signal and Telegram Apps in the Google Play Store
2023-09-14 11:05

An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[. An app calling itself FlyGram was created by the same threat actor and was available through the same three channels.

'Evil Telegram' Android apps on Google Play infected 60K with spyware
2023-09-10 14:39

At the time the researchers published their report, several malicious apps were still available for download through Google Play. The Telegram apps presented in Kaspersky's report are promoted as "Faster" alternatives to the regular app.

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
2023-09-09 08:14

Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive information from compromised Android devices. The apps have been collectively downloaded millions of times before they were taken down by Google.

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store
2023-08-31 09:17

ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since July 2022, respectively for each malicious app, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites posing as legitimate encrypted chat applications - the malicious apps are FlyGram and Signal Plus Messenger. Threat actors exploit fake Signal and Telegram apps.

Trojanized Signal and Telegram apps on Google Play delivered spyware
2023-08-30 15:16

Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF. [...]

China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users
2023-08-30 13:43

Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. "Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram," security researcher Lukáš Štefanko said in a new report shared with The Hacker News.

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
2023-08-28 15:40

In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. It's not clear what the end goal of the campaign was, but the suspicious modules were found to harbor functionalities to capture the operating system information and transmit the data to a hard-coded Telegram channel via the messaging platform's API. This suggests that the campaign may have been in its early stages and that the threat actor may have been casting a wide net to compromise as many developer machines as possible to deliver rogue updates with improved data exfiltration capabilities.