Delete these 2 fake apps now, Signal Plus Messenger and FlyGram
You might feel pretty safe with any smartphone you own but know that hackers are constantly on the lookout to introduce malware to your phone and then try to steal anything valuable you might have on there, be it data or money. The easiest way for them to do this is to trick phone users, and that is mainly done by convincing them to download apps that seem very useful or promise great benefits. These apps may even be fake versions of popular apps. And where are they available? The worrying thing is that they are sometimes available in the stores of the biggest companies, from the Google Play Store to the Samsung Store or even the App Store. Hackers are so good at their job that they can even escape these stores' attempts to identify fake apps. And inside these fake apps is malware that infects users' phones.
This puts your personal data at risk. In a recent disclosure, cybersecurity firm ESET has uncovered a devious tactic hackers use to infiltrate Android phones, compromising user conversations and data. Fake apps purporting to be extensions or premium versions of the popular Signal and Telegram messaging platforms have been discovered on the Google and Samsung app stores, posing a significant threat to users.
Delete Signal Plus Messenger and FlyGram now
According to a Tom's Guide report, these malicious apps, known as "Signal Plus Messenger" and "FlyGram", are designed to extract sensitive information from legitimate Signal and Telegram accounts, including call logs, SMS messages, and locations when users make specific activities behaviour. Attackers take advantage of functionality that allows users to link their mobile apps to other devices, such as desktop computers or tablets, to secretly connect compromised devices to attackers' Signal accounts, allowing them to spy on users without your knowledge.
While both Google and Samsung have taken swift action to remove these rogue apps from their respective app stores, thousands of downloads have already been made. "Signal Plus Messenger" was available on the Play Store from July 2022 and was downloaded approximately 100 times before being removed in April, thanks to a tip from ESET. Similarly, "FlyGram" recorded 5,000 downloads after its release on the Play Store in June 2020 before being taken down the following year.
What makes this discovery particularly alarming is the stealthy “autolink” capability, which has hitherto gone largely unnoticed. The malicious apps were created using open source code available from Signal and Telegram, and the hackers embedded the spying tool known as "BadBazaar," a Trojan used in previous attacks targeting Uyghurs and other Turkic ethnic minorities. ESET suspects that the China-aligned hacker group known as GREF is behind this campaign.