Suspected Chinese hackers targeted Android users by uploading a malicious version of the Signal app to the Google Play Store, according to ESET.
The antivirus provider also noticed the hackers uploading the malicious Signal app, and another based on Telegram, to the Samsung Galaxy Store.
Both Signal and Telegram are open-source apps whose code is available on GitHub. The hackers abused this by taking the open-source versions and adding malicious code to them. The Trojanized apps were then uploaded to the app stores under the names “Signal Plus Messenger” and “FlyGram,” the latter of which markets itself as an alternative to Telegram.
“The purpose of these Trojanized apps is to exfiltrate user data,” ESET researcher Lukas Stefanko wrote in his research note. “Specifically, FlyGram can extract basic device information, but also sensitive data, such as contact lists, call logs, and the list of Google Accounts.”
The Trojanized Signal Plus Messenger, on the other hand, can collect similar sensitive data, such as the phone’s contact list, while also spying on a victim’s communications. “It can extract the Signal PIN number that protects the Signal account,” Stefanko wrote. In addition, the malicious code can allow the hacker to exploit the “link device” function to view the victim’s messages on the Trojanized Signal app.
The good news is that Google removed the Signal Plus Messenger app from the Play Store in May after ESET notified the company about the threat. “The malicious Signal Plus Messenger app was initially uploaded to Google Play on July 7th, 2022, and it managed to get installed more than a hundred times,” Stefanko added.
Signal Plus Messenger and the Trojanized FlyGram app are still available on the Samsung Galaxy Store. We
Read more on pcmag.com