Researchers on Wednesday said they found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms. The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions.
Signal Plus Messenger was available on Play for nine months before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store.
Both apps were built on open source code available from Signal and Telegram. Interwoven into that code was an espionage tool tracked as BadBazaar. The Trojan has been linked to a China-aligned hacking group tracked as GREF. BadBazaar has been used previously to target Uyghurs and other Turkic ethnic minorities. The FlyGram malware was also shared in a Uyghur Telegram group, further aligning it to previous targeting by the BadBazaar malware family.
Signal Plus Messenger can spy on Signal messages by misusing the link device feature. It does this by automatically connecting the compromised device to the attacker’s Signal device. This method of spying is unique, as we haven’t seen this functionality being misused before by other malware, and this is the only method by which the attacker can obtain the content of Signal messages.
ESET Research has informed Signal’s developers about this loophole
Before linking an account, be sure the app you're using is legit
I honestly don’t get why these app stores are not police better, they should be almost pure profit with their 30% cut. At this point they are marginally better than those early 2000s downloads...
I honestly don’t get why these app stores are not police better, they should be almost pure profit with their 30% cut. At this point they are marginally better than those early 2000s downloads site that were full of malware.
It's a scale issue with no clear solution. It is impossible to hire enough developers capable of not only reviewing but also auditing millions upon millions upon millions of lines of code in every...
It's a scale issue with no clear solution. It is impossible to hire enough developers capable of not only reviewing but also auditing millions upon millions upon millions of lines of code in every single app released and every update for each app in perpetuity; not to mention any 3rd party server integrations will be impossible to fully verify.
I honestly don’t get why these app stores are not police better, they should be almost pure profit with their 30% cut. At this point they are marginally better than those early 2000s downloads site that were full of malware.
It's a scale issue with no clear solution. It is impossible to hire enough developers capable of not only reviewing but also auditing millions upon millions upon millions of lines of code in every single app released and every update for each app in perpetuity; not to mention any 3rd party server integrations will be impossible to fully verify.