Google Removes Fake Signal and Telegram Apps Hosted on Play (arstechnica.com) 12
Researchers say they have found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms. The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions. ArsTechnica: An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store.
Both apps were built on open source code available from Signal and Telegram. Interwoven into that code was an espionage tool tracked as BadBazaar. The Trojan has been linked to a China-aligned hacking group tracked as GREF. BadBazaar has been used previously to target Uyghurs and other Turkic ethnic minorities. The FlyGram malware was also shared in a Uyghur Telegram group, further aligning it to previous targeting by the BadBazaar malware family. Signal Plus could monitor sent and received messages and contacts if people connected their infected device to their legitimate Signal number, as is normal when someone first installs Signal on their device. Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.
More Proof (Score:2)
Re: (Score:2)
So, while blind trust would be pretty extreme, the most direct takeaway from this particular example has to be that the Play Store is adding value over distribution on the open web or the Samsung store.
Re: (Score:2)
The most direct takeaway from this would be knowing that almost every walled garden is hardly doing the due diligence necessary to sustain that marketing stance.
They are not providing the additional security required when failing to scrutinize apps before being accepted into their system for mass distribution. They're merely pretending to provide that wall of security and integrity.
That is especially true for the world's most popular apps, since the other 99.999% of the store is mostly ignored anyway.
Re: More Proof (Score:2)
Friendly reminder (Score:2)
If you want uncensored Telegram, get it from Telegram's website. They host a self-updating .apk that has a version of Telegram that doesn't have to abide by "community guidelines" shit in the Play Store app.
I.e. some Telegram groups in the Play Store version of Telegram are not accessible. But you can access them just fine with a desktop client, or a client that installs from the apk that you can find on the official Telegram site.
https://telegram.org/android [telegram.org]
Re: Friendly reminder (Score:2)
Or via https://f-droid.org/packages/o... [f-droid.org]
Like other FLOSS packages, the source is available and peer-reviewed.
But while I don't use Google's store, I acknowledge that for 'most' people, allowing installs from non-PlayStore opens a whole new can of worms.
On the original topic: I fail to see why some here are crying 'censor!!' while Google did remove malware apps from their store. That looks like a good thing to me. Luckily only a meager 100 downloads for one of these apps.
Re: (Score:2)
>I acknowledge that for 'most' people, allowing installs from non-PlayStore opens a whole new can of worms.
The official site of the application is far more secure than Play Store and App Store can ever be. As evidenced by the clone apps being removed all the time.
Apple's App store is even worse (Score:2)
You can't find regular apps like Zoom or Adobe Acrobat anymore on the Apple App store.
Re: (Score:2)
>You can't find regular apps like Zoom or Adobe Acrobat anymore on the Apple App store.
I can. I don't know what's wrong with you.
Signal apk (Score:3)
You might consider installing Signal from their website if privacy is a high goal.
Android 14 will make management of such apps more straightforward.