Due to the sheer number of applications available in Ply Store, it’s difficult to distinguish original applications from fake and malicious ones. And now, security researchers at Symantec have discovered that a new fake Telegram application has appeared on the Play Store. The app named “Teligram [NEW VERSION UPDATED]” is designed to look exactly like the original Telegram app except little bit different name and the icon to trick users downloading the application.
Although the app works as an instant messaging app, it runs malware in the background. Symantec said in an official blog post, “Once installed, it becomes more difficult to tell the difference. Comparing the apps’ manifests reveals that Teligram has added advertising libraries in order to create revenue for the fraudsters behind the deceptive app. Teligram displays advertisements in two different ways, within the chat list and by showing intermittent full screen advertisements.”
The security researchers went on to reveal that the app was built using open source Telegram code which is distributed on third-party app stores. As for malware, the app installs Trojan.Gen.2 in the infected device. After the app is installed by user, the app allows hackers to install other malicious applications to carry out different activities.
John Hou of Symantec wrote, “While open source projects can be of huge benefit to developers and consumers, they can also be used by criminals to create convincing imitations of trusted apps.”
“Compared to this malware, Teligram users are lucky as advertising revenue appears to be the main motive behind the app. Although no malicious behavior has been added to Teligram, its developers could potentially add any behavior they wish.”
Since the report, Google has removed the application from the Play Store.