Spyware masquerading as Telegram applications has been spotted in the Google Play Store and has been downloaded over 60,000 times. According to security researchers, the app appears visually identical to the official Telegram application, but it contains additional packages that the original app does not. Those additional libraries attempt to gain access to the user's contact information and run when the app connects to a command-and-control server, facilitating the exfiltration of that information. The app also reads incoming messages and files that are sent or received, and that information is likewise sent to the command-and-control server. The app appears to be targeted at Chinese-speaking users and the Uighur ethnic minority. Google has been unable to keep these malicious apps out of the Google Play Store because the publishers introduce the malicious code only after the screening process, as part of post-installation updates.
https://thehackernews.com/2023/09/millions-infected-by-spyware-hidden-in.html
https://www.bleepingcomputer.com/news/security/evil-telegram-android-apps-on-google-play-infected-60k-with-spyware/
This segment was created for the It’s 5:05 podcast