Security researchers have released information about a malicious Android program, created by cybercriminals, that is circulating in unofficial application markets posing as the secure messaging programs Threema and Telegram. ESET researchers raised the alarm about the threat, which they detect as Android/SpyC23.A. The program is part of the set of threats used by the APT-C-23 cybercriminal group, which has been operating since 2017.

The researchers have been investigating this new variant since April, but their findings have only just been published. They found it in an unofficial internet app store, posing as legitimate Android apps. According to the experts: When we analyzed the fake store, it contained both malicious and legitimate applications. The malware was hiding in applications posing as AndroidUpdate, Threema, and Telegram. In some cases, victims had both the malware and the promised application installed.

Once installed, the malware continued to use deceptive methods to gain the permissions it needed to operate on the device. The attackers used techniques similar to social engineering to trick victims into giving the malware additional rights. For example, the request for permission to read notifications was disguised as a message encryption feature.

This allowed the criminals to collect information from devices, such as SMS messages, contact lists, stored files and call logs. In addition, the malware was able to take photos and record video and audio without the user's knowledge and, at the same time, eliminate notifications from security programs to keep its activities hidden.

The experts said that, to avoid dangers of this type, it is best to download applications only from official stores.
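The traits described above (installation from outside an official store, a name borrowed from Telegram, Threema or AndroidUpdate, and notification access combined with access to SMS, contacts, call logs, files, camera and microphone) can be checked against a device app inventory. The following is an added example, not code from ESET or from the article; the inventory record layout, the `com.example.*` package names and the scoring thresholds are assumptions, and the result is a triage heuristic rather than a malware verdict.

```python
OFFICIAL_INSTALLERS = {"com.android.vending"}  # Google Play installer package
# Names the article says were imitated -> genuine Google Play package (None: none assumed)
KNOWN_LABELS = {"telegram": "org.telegram.messenger", "threema": "ch.threema.app",
                "androidupdate": None}
# Permissions matching the data the article says was collected
SENSITIVE = {"android.permission." + name: what for name, what in {
    "READ_SMS": "SMS messages", "READ_CONTACTS": "contact lists",
    "READ_CALL_LOG": "call logs", "READ_EXTERNAL_STORAGE": "stored files",
    "CAMERA": "photos/video", "RECORD_AUDIO": "audio"}.items()}

def triage(app):
    """Return the list of reasons one inventory record deserves a closer look."""
    findings = []
    if app.get("installer") not in OFFICIAL_INSTALLERS:
        findings.append("installed from outside an official store")
    label = app["label"].lower().replace(" ", "")
    for brand, genuine in KNOWN_LABELS.items():
        if brand in label and app["package"] != genuine:
            findings.append(f"label uses the name '{brand}' but package is {app['package']}")
    held = sorted({SENSITIVE[p] for p in app["permissions"] if p in SENSITIVE})
    if app.get("notification_listener") and len(held) >= 3:
        findings.append("notification access combined with: " + ", ".join(held))
    return findings

def flag_inventory(inventory, threshold=2):
    """Map package name -> findings for records with at least `threshold` findings."""
    flagged = {}
    for app in inventory:
        findings = triage(app)
        if len(findings) >= threshold:
            flagged[app["package"]] = findings
    return flagged

PERM = "android.permission."
SAMPLE_INVENTORY = [  # constructed records, not taken from the article
    {"package": "org.telegram.messenger", "label": "Telegram",
     "installer": "com.android.vending", "notification_listener": False,
     "permissions": [PERM + "READ_CONTACTS", PERM + "CAMERA", PERM + "RECORD_AUDIO"]},
    {"package": "com.example.msgupdate", "label": "Telegram",
     "installer": None, "notification_listener": True,
     "permissions": [PERM + "READ_SMS", PERM + "READ_CONTACTS",
                     PERM + "READ_CALL_LOG", PERM + "RECORD_AUDIO"]},
    {"package": "com.example.notes", "label": "Notes",
     "installer": None, "notification_listener": False, "permissions": []},
]

if __name__ == "__main__":
    for package, findings in flag_inventory(SAMPLE_INVENTORY).items():
        print(package, *findings, sep="\n  - ")
```

A sideloaded app with no other finding stays below the default threshold, so the check highlights the combination of traits rather than sideloading alone.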

