One fake version Telegram for AndroidImpersonating Shagle video chat service application, can spy on user when installed on mobile phone. The malicious campaign was identified in January by ESET, which revealed details about the cybercriminals’ actions.
To attract more victims, the authors alleged shagle appnot officially available. A fake page was also developed that imitated the video chat service’s real website, thereby distributing the malware.
According to the company specializing in cybersecurity, the app, which is actually a modified version of Telegram, has several spy features. When installed on mobile phone, can record phone calls made on the device, access call log, contact list and copy text messages.
And depending on the victim’s permissions, the damage could be even greater. shagle fake app. In addition to monitoring notifications received on the phone, the software can filter communication from 17 other apps, including Gmail, Tinder, Skype, and Messenger.
Campaign active since 2021
According to the report, Malicious version of Telegram impersonating Shagle app It has been distributed since November 2021, but there is no information about the number of installations. Apparently, the fake software is not active at the moment, but experts do not rule out its return.
The company responsible for discovering the spy app, APT group StrongPity could be behind the campaign. In the program, the researchers identified the same signing certificate that was assigned to cybercriminals in other attacks they participated in.
In order not to risk their phone being spied on by the group, users of the video chat service should only use it in the web version on the official Shagle website. The platform currently has more than 4.8 million members worldwide.
Source: Tec Mundo
