Malware infected fake Telegram Messenger app found in Play Store

The Google Play Store is home to more than 3.5 million apps but at the same time, there are tons of apps that are malicious and infected with adware or some kind of malware targeting users who download them believing that Google is handling their security the same way it does with other platforms.

But the reality is far from the truth as the IT security researchers at Symantec have identified the presence of a fake Telegram Messenger app in Google Play Store that is, in reality, a malicious app infecting Android devices with malware and spamming them with ads.

The fake app is called “Teligram [New version updated]” in which attackers have replaced the letter “e” with “i” and changed its theme color from blue to black hoping that unsuspecting users will ignore the difference and tricked into downloading the malicious app.

Malware infected fake Telegram Messenger app found on Play Store
The difference is obvious (Credit: Symantec Via: PlayStore)

To make it a sophisticated scam, the fake app even functions as an instant messaging app, however, at the same time it contains advertisement libraries that spam users with ads to make money. Moreover, Symantec researchers have noted that the malware (Trojan.Gen.2) which Teligram installs on Android devices is built using the open source Telegram code, which is distributed to third-party app stores.

According to John Hou of Symantec’s Threat Intelligence, “While open source projects can be of huge benefit to developers and consumers, they can also be used by criminals to create convincing imitations of trusted apps.”

Furthermore, once the app is installed it executes the malware that ends up installing an ad clicker or a backdoor. Hou believes the main motive of this malware is to make money rather than stealing personal data from users however it is possible that attackers behind this scam can add features that may steal user data and perform other malicious activities in the future.

Malware infected fake Telegram Messenger app found on Play Store
Spamming devices with ads (Credit: Symantec)

At the time of publishing this article, Teligram app was booted off from Play Store.

Remember, hackers are becoming sophisticated in their attacks. On January 11th, Trend Micro researchers discovered first ever malware app in Play Store written Kotlin language. Kotlin is used in writing Android apps and being used by prominent apps including Pinterest, Netflix, and Twitter.

Android users are advised to be vigilant, avoid downloading unnecessary apps and in case you are downloading APK files from a third party store make sure to scan it with an updated security software before installing it on your device.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.