Fraudulent Telegram apps target Android devices with spyware

Threat actors have been leveraging malicious fake versions of the Telegram messaging app on the Google Play Store to facilitate spyware deployment on Android devices, The Hacker News reports. More than 10 million devices have downloaded the apps collectively dubbed "Evil Telegram," which sought to exfiltrate names, user IDs, phone numbers, contacts, and chat messages, prior to their removal from the Play Store, according to a Kaspersky report. Further analysis of the malicious apps indicated attackers' utilization of typosquatting techniques to conceal malicious activity as evidence by the usage of "wab," "wob," and "wcb" on the package names, noted researchers. "At first glance, these apps appear to be full-fledged Telegram clones with a localized interface. Everything looks and works almost the same as the real thing. [But] there is a small difference that escaped the attention of the Google Play moderators: the infected versions house an additional module," said Kaspersky.