Not long after the Russian government ordered the immediate blocking of the Telegram messaging app from the Apple App Store and Google Play Store, an imitation of the popular app made the rounds on Google Play.
Confusion surrounding the Russian government's prompt action gave threat actors an opportunity to take advantage of users attempting to download the app in the wake of the news.
Zscaler researchers spotted the malicious app advertised as “Telegraph Chat” using the same description as the actual Telegram. Once the phony app was installed, its icon was slightly altered and its name changed to “Telegeram,” according to a blog post.
When a user attempts to open the app, they are bombarded with advertisements prompting them to install various Android apps. Researchers warn this posed a threat, as it could have been used as a method to trick users into installing malware onto their devices.
Upon further inspection, researchers found the fake app had most likely been repacked or decompiled from the original Telegram app, with advertisement libraries added. The app had been removed from the Google Play store before researchers could perform a more in-depth analysis of the malicious app.