1. Forum
  2. TQWNet
  3. TQW GENTECH

  • This nasty Android malware is posing as the Telegram Premium app

    From TechnologyDaily@1337:1/100 to All on Monday, January 06, 2025 11:30:06
    This nasty Android malware is posing as the Telegram Premium app

    Date:
    Mon, 06 Jan 2025 11:18:37 +0000

    Description:
    Russian mobile app store spoofed to deploy Android malware.

    FULL STORY ======================================================================Research ers have found a fake Telegram Premium Android app It is being distributed through a phishing page pretending to be a Russian app store Malware is capable of exfiltrating all sorts of sensitive information

    Experts have detected a new piece of information-stealing malware posing as one of the most popular messaging apps around.

    Cybersecurity researchers from CyFirma recently discovered an Android app, pretending to be a premium version of Telegram, but which actually steals victims login credentials and sensitive information.

    The researchers explained how back in 2022, when the Russian invasion of Ukraine began, the West imposed heavy sanctions on Putins regime. These sanctions meant Russians could not access Google's Play Store or Apples App Store. To provide Russian citizens with access to mobile software, the countrys Ministry of Digital Development, together with VK (the countrys social media behemoth and essentially a Facebook clone) created RuStore, a mobile app marketplace. FireScam

    Cyfirma now claims someone created phishing websites on GitHub designed to look like RuStore. Victims that visit the website will first get a dropper module named GetAppsRu.apk, which lists apps installed on the device, gains access to device storage, and installs additional packages.

    Among the additional packages is the main malware, called Telegram Premium.apk. This malware, dubbed FireScam, requests permissions to monitor notifications, clipboard data, SMS, and more. It also displays a fake
    Telegram login page to steal the credentials.

    Furthermore, FireScam will monitor app activity, the clipboard, look for e-commerce transactions, and virtually anything else that could be useful.
    The data is then extracted to a third-party server where its filtered and transferred elsewhere. The information that is deemed worthless is wiped, it was added.

    Cyfirma could not attribute FireScam to any known threat actor, but it did describe the operation as a sophisticated and multifaceted threat that
    employs advanced evasion techniques. There was no word on the number of potential victims. It also recommended users be careful when opening files from sources theyre not entirely familiar with, or when clicking on potentially dangerous links.

    Via BleepingComputer You might also like Dangerous new Android malware infects 11 million devices here's what we know Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-nasty-android-malware-is-posing-as -telegram-premium-app


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)