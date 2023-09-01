On August 30, researchers at the Slovak cybersecurity company ESET’s research lab said that they had found two malicious apps— Signal Plus Messenger and FlyGram, targeting Android users and collecting data from their devices. These malicious apps were trojanized (malware) versions of the communication platforms Signal and Telegram. The apps had been uploaded to Google Play, the Samsung Galaxy store, and websites for side-loading (downloading apps directly from the web as opposed to using an app store). ESET says that the malware used in these apps belongs to the BadBazaar malware family, which has been used in the past by a China-aligned advanced persistent threat (APT, sophisticated malicious cyber activity) group called GREF. Why it matters: Since both Signal and Telegram are open-source apps, anyone can inspect, modify, or enhance the code of these apps. This ability to inspect the code (and check for vulnerabilities) of open-source apps is why some consider it security forward. However, according to a report by Ars Technica, these fake apps were built on Signal, and Telegram's open-source code which makes one doubt the security that open-source software offers. What information can the attackers get from this attack? ESET researchers say that the fake version of Telegram not only can get basic device information but also sensitive details, such as the contact lists on their phones, users’ Google accounts, and call logs. The researchers also said that the fake app had a specific feature that would back up the app’s data to a remote server controlled by the attacker and that at…

