If you installed two apps on your Android phone that you thought were messaging apps Signal and Telegram, delete them immediately if not sooner. Per BGR, the two apps are Signal Plus Messenger and FlyGram and have subsequently been removed from the Play Store, the Galaxy Store, and third-party app storefronts from where they were sideloaded (installed from third-party app storefronts) on Android phones.
Bogus versions of the Signal and Telegram messenger apps were installed from the Play Store and Galaxy Store
But these apps were not removed before Signal Plus Messenger was listed for nine months in the Play Store and it was installed over 100 times before Google yanked it out of its app storefront. FlyGram was created by the same developer and removed in 2021. Slovak cybersecurity firm ESET said that essentially these two apps were versions of Signal and Telegram that delivered malware to the phones that the apps were loaded on.
But just because apps are removed from the Play Store, if you were unlucky to have downloaded it on your phone, it would still be on your phone ready to create mischief with your personal data until removed from your own handset. Google labeled the pair as malicious apps capable of stealing your personal data. If you do uninstall these apps from your phone, make sure that before you do, unlink your Signal and Telegram accounts from them before you delete the malicious apps.
ESET researchers say that the fake Telegram app could snatch basic device information from a phone with the app installed along with sensitive data including the contact list, the phone user’s Google accounts, and his/her call logs. The researchers also said that the fake Telegram app had a feature that would back up the app’s data to a remote server controlled by the attacker.
The malicious Signal Plus app could be used to monitor both sent and received messages and even have these messages sent to a remote server from where they could be read. The malware was linked to a Chinese-based malware group called BadBazaar. Dedicated websites for both apps were created to make the bogus apps seem legitimate and included links to install the app to an Android device directly from the Google Play Store.
Both bogus apps could also record phone calls and access the cameras of the infected devices. Users in China were originally targeted and this has been expanded to target users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States,
No matter what enticing features you’re promised, stick to the legitimate and official version of an app to install
It makes sense, and we certainly aren’t looking to insult anyone who installed the bogus apps, but when it comes to downloading apps on your phone, always stick to the official app available from a legitimate app storefront no matter what bogus features you are being promised.
It’s also suggested that you check your Connected Devices list every now and then to make sure that no unknown new device has been given access to your account. And here’s the thing; if you did install either or both of the fake apps, you might have to buy a new handset or wipe your phone to remove any unknown devices from your Signal or Telegram accounts.
Because both the Signal Plus app and the FlyGram app were listed at one time in the Galaxy Store (although the listings now say “Application not supported” and “This app is no longer available for purchase or is not supported in this country”) if you do own a Galaxy phone, you might want to make sure that you didn’t install either one on your Galaxy handset.
Again, when it comes to installing apps on your phone, sometimes being smart and using common sense is just not enough to keep attackers from accessing your handset. Why get into this position? In this case, there was no reason to install a bogus version of Signal or Telegram on your phone in the first place.
Source: Phonearena