A phony and malicious application imitating the Telegram app made its way into the Google Play Store posing as a newer updated version of the popular messaging app.
Spelled just one letter off and with a bracketed addendum, “Teligram [NEW VERSION UPDATED]” is designed to look almost exactly like the real app and even features an IM function but includes advertisement libraries and malware added to the original Telegram source code, according to a Jan. 10 Symantec blog post.
The screen style and app description used by the the Teligram app on Google Play is identical to the legitimate app except it displays advertisements throughout the app and runs malware in the background.
The malware was identified as Trojan.Gen.2 and enables the malware authors to carry out a variety of actions, such as installing a backdoor or an ad clicker. Researchers urge users to beware of open source projects on the Google Play platform as they may allow criminals to take advantage of users by spoofing familiar apps.