We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Fake Telegram Apps Infect 60k Phones With Spyware

Fake Telegram Apps Infect 60k Phones With Spyware
Author Image Keira Waddell
Keira Waddell Published on 13th September 2023 Former Senior Writer

Malicious actors have successfully distributed counterfeit versions of Telegram on Google Play targeting Chinese users, infecting over 60,000 Android phones with spyware. Data such as user messages and contact lists were stolen. These deceptive applications were uncovered by Kaspersky, who presented them in a report.

The apps masqueraded as faster versions of Telegram. However, while much of the code is exactly the same as Telegram, there are extra functions to steal user data. Messages received by the user are immediately copied and sent straight to the attacker’s server, along with the chat title and ID, and the sender’s name and ID. The user’s contact list, username, ID, and phone number are also collected and monitored by the spyware.

Google has since taken the offending apps off the Play Store, and stated the following to BleepingComputer: “We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. All of the reported apps have been removed from Google Play and the developers have been banned. Users are also protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services.”

In a similar vein, ESET warned last month of another two malicious messaging apps which were promoted as more feature-rich versions of Signal and Telegram. These were named Signal Plus Messenger and FlyGram. Signal Plus Messenger was available on the Play Store from July 2022, accumulating around 100 downloads before removal. FlyGram was downloaded 5,000 times since its June 2020 Play Store launch and was available for nearly a year.

The malicious apps used open-source code from Signal and Telegram, closely resembling the legitimate apps. However, the apps embedded BadBazaar, an espionage tool linked to previous attacks on Uyghurs and Turkic minorities. ESET speculates that a China-aligned hacking group, identified as GREF, may be behind this particular campaign.

If you have Signal Plus Messenger or FlyGram on your Android device, immediate action is necessary. Uninstall these apps to safeguard your personal information.

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address