Specialists Discover Fake Version of Telegram App Infected with Malware
Check Point Software Technologies has identified a fake version of the Telegram application that infects android devices with the malicious Triada software. The harmful application gains elevated privileges within the system, allowing it to install and perform malicious actions.
The malware version of Telegram, which is disguised as the latest version (9.2.1), cleverly uses the packet name and real icon of the genuine application to appear legitimate. Upon launching the fake app, users are presented with a registration screen identical to the original application. To proceed with registration, users are asked to provide their phone number and grant certain device permissions.
Unbeknownst to the user, the fake Telegram app then introduces malicious code into the device under the guise of an internal application update service. This code operates in the background, collecting information, extracting configuration files, and establishing communication channels.
The Triada malware goes unnoticed by the user as it infiltrates and affects various processes in the device’s memory. It primarily spreads through applications downloaded from untrustworthy sources.
Researchers at Check Point have identified the following operations that the Triada malware can perform:
- Defraud victims through multiple paid subscriptions
- Display invisible and background advertising
- Make unauthorized purchases in applications using SMS and phone numbers
- Steal confidential data and passwords
In a separate incident, Kaspersky laboratory analysts blocked a new version of the UNIFICAL customer WhatsApp for Android called “YowhatsApp”. This version intercepted WhatsApp keys, enabling attackers to take control of user accounts and perform actions on their behalf.
There has been a recent increase in modified versions of mobile applications. These modified apps