A NEW strain of malicious Android software has been found masquerading as a ‘premium’ version of a popular messenger app.
The rogue ‘clone’ app, once downloaded, gives hackers a key into your device whereby they can read everything on your screen, including your text messages and bank card information.
The app advertises itself as ‘Telegram Premium’ to hide a malware form known as FireScam.
Telegram is a messenger app like WhatsApp and Signal.
But no such ‘premium’ version exists.
Cybersecurity researchers at Cyfirma discovered the app being distributed on phishing websites that mimic the RuStore – Russia’s version of the Google Play Store.
While it’s good news the app is not available to download on the official Play Store, it could leave Android owners who are open to sideloading at risk.
The ‘Telegram Premium’ malware requests permissions to monitor notifications on your device, as well as all SMS and phone calls the second it is downloaded.
As victims open the app, they are asked to input their Telegram login which allows hackers to steal their credentials for the messaging service.
Once hackers have free reign over the victim’s Telegram account, they transfer any stolen information to a separate database.
Here, hackers can trawl through all the information and filter it for valuable details, according to researchers.
[bc_video account_id=”5067014667001″ application_id=”” aspect_ratio=”16:9″ autoplay=”” caption=”Beware of Fake McAfee App: The Android Malware Scam Explained” embed=”in-page” experience_id=”” height=”100%” language_detection=”” max_height=”360px” max_width=”640px” min_width=”0px” mute=”” padding_top=”56%” picture_in_picture=”” player_id=”default” playlist_id=”” playsinline=”” sizing=”responsive” video_id=”6352536013112″ video_ids=”” width=”640px”]The malware also keeps a close eye on any online transactions made via the Android device, which might allow hackers to capture a victims financial details.
Anything the user types can be observed and copied by the hacker.
What’s more, the malware can intercept data that is filled in automatically, such as passwords from password managers.
[authenticated-scripts src=”%3Cscript%20class%3D%22palin-poll%22%20src%3D%22https%3A%2F%2Fwww.thesun.co.uk%2Fpollingwidgets%2Fv3%2Fwidget.js%3Fquestion_id%3D101745%26game%3Dpolling%22%3E%3C%2Fscript%3E” type=”embedded” width=”100″ /]
