[ad_1]
UPDATE: It appears both apps have been removed from the Play Store by Google, but it’s still advised that you check if you didn’t happen to install them on your phone by accident.
One simple tip you can follow when you want to get a particular app, in order to make sure you’re getting the legitimate one, is to check the name of the developer who’s published the app in the App Store or Play Store. This is the easiest way to ensure you’re about to download the correct app. If the name of the developer isn’t what you’d expect it to be, at the least it’s worth double checking if the app is the right one. Another telltale sign are user reviews and ratings: it’s always a smart move to take a quick glance at any user feedback left, because bogus apps would often have negative reviews or low ratings. The original story follows below…
Bogus versions of the Signal and Telegram messenger apps were installed from the Play Store and Galaxy Store
But these apps were not removed before Signal Plus Messenger was listed for nine months in the Play Store and it was installed over 100 times before Google yanked it out of its app storefront. Thank Google for Play Protect, but it obviously isn’t always nimble enough in removing malicious apps. FlyGram was created by the same developer and removed in 2021. Slovak cybersecurity firm ESET said that essentially these two apps were versions of Signal and Telegram that delivered malware to the phones that the apps were loaded on.
The legit Signal app on iOS at left, and Android at right
The malicious Signal Plus app could be used to monitor both sent and received messages and even have these messages sent to a remote server from where they could be read. The malware was linked to a Chinese-based malware group called BadBazaar. Dedicated websites for both apps were created to make the bogus apps seem legitimate and included links to install the app to an Android device directly from the Google Play Store.
Both bogus apps could also record phone calls and access the cameras of the infected devices. Users in China were originally targeted and this has been expanded to target users in Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States,
No matter what enticing features you’re promised, stick to the legitimate and official version of an app to install
It makes sense, and we certainly aren’t looking to insult anyone who installed the bogus apps, but when it comes to downloading apps on your phone, always stick to the official app available from a legitimate app storefront no matter what bogus features you are being promised.
Again, when it comes to installing apps on your phone, sometimes being smart and using common sense is just not enough to keep attackers from accessing your handset. Why get into this position? In this case, there was no reason to install a bogus version of Signal or Telegram on your phone in the first place.
[ad_2]
Source link