ESET found that malicious Android apps on the Google Play Store and Samsung Galaxy Store, “Signal Plus Messenger” and “Flygram”, were designed to infect users’ devices.
A recent report published by cyber security firm ESET has revealed a surveillance campaign conducted by an Advanced Persistent Threat (APT) hacking group affiliated with China. This group previously used an Android malware tool called BadBazaar to spy on the Uyghur population, and is now spreading similar malware among individuals in several countries. The stealthy spyware campaign impersonates the popular messaging platforms Telegram and Signal in order to extract sensitive user data.
The two malicious apps, Signal Plus Messenger and Flygram, also had dedicated websites: signalplus[.]org for the Signal alternative and flygram[.]org for the Telegram alternative. Both spying apps aim to extract users’ sensitive data, such as contact lists, call logs, lists of Google accounts, device locations and Wi-Fi information.
Flygram can obtain necessary metadata from the Telegram application and gain access to a user’s entire Telegram backup, including contacts, profile pictures, groups, channels and various other details, provided the user activates the cloud sync feature within the malicious application. Data relating to the use of this specific backup feature, ESET said, indicates that at least 13,953 individuals who downloaded Flygram had it enabled.