A Security researcher at Symantec have identified a fake Telegram Messenger app in the Google Play Store which has been infecting Android devices with malware and spamming them with ads.
Also Read: Netherlands Teen Hackers punishes 7 Indian embassies for ignoring security flaws
According to the threat Intelligence researcher, John Hou, the malicious app which is called 'Teligram [New version updated]' masquerades as an update to the original Telegram app, and infecting unsuspecting Android users with malware and as well, spamming them with ads.
The maker replaces the 'e' in the Telegram with an 'i' and then changed the theme colour from blue to black so as to convince unsuspecting users that the app is really an update. The fake app makes money for the creator by spamming users with ads.
John Hou explained that the malware (Trojan.Gen.2) in the Teligram app is built using the open source Telegram code which is distributed to third party stores. The fake app executes the malware the moment that it is installed. The malware in turn ends up installing an ad clicker or a backdoor.
The researcher, however believes that the main motive of the person(s) behind this scam is to make money and not steal users data, though the possibility of the attacker(s) implementing features that may steal users data and perform other malicious activities in the future can not be dismissed.
Home to over 3.5 million Android apps, the Google Play Store has always been a hub where hackers sneak in malicious apps, beating Google security check. Unsuspecting Android users who believes that Google security check can't be bypassed, download most of these apps with full confidence of being secured.
As at the time of this writing, the fake Teligram app was kicked off from the Play Store