New spyware apps are targeting users of Telegram and Signal

Malicious apps targeting users of the instant messaging platforms Telegram and Signal on Android devices have emerged, according to findings by the cybersecurity company ESET.

Security researchers at the company revealed that the attackers behind these attacks created counterfeit versions mimicking Telegram and Signal apps, distributing them through the Google Play Store. They added words like "Plus" or "Premium" to deceive users into thinking these versions offered additional features.

These malicious apps were distributed to users' devices through downloads from external sources on the internet or from official app repositories such as the Google Play Store and the Samsung Galaxy Store.

Following security reports about these threats, app stores took measures to remove these fake applications.

These malicious apps carried the BadBazaar spyware, which was first discovered in November 2022. This spyware was used to target the Uyghur community in China, as reported by The Hacker News, a cybersecurity-focused website.

These malicious apps were designed to steal sensitive data from users' devices, including call logs, text messages, geolocation data, and more. They also aimed to steal data from the original Signal and Telegram applications, such as PIN verification codes and chat backups.

While Telegram users have frequently faced security attacks, this is the first time that the Signal platform has experienced similar attacks. Signal is known for prioritizing a highly secure and private messaging experience for its users.

It's important to note that these attacks do not affect the official versions of the messaging apps. Therefore, users who use the official versions of the apps are not at risk. According to security reports, victims from various countries around the world were targeted, including the United States and some European and Asian countries.