Experts from ESET, a global leader in the cybersecurity market, have just detected a new espionage campaign by the StrongPity APT group, which operates through malware aimed at Android users.
The campaign in question distributes a fake version of the famous Telegram messaging app that contains trojan-type malware. The app appears legitimate because it is fully functional. The cybercriminals pass it off as an app for the Shagle site (a random video chat platform, accessible only via browser), an app that does not actually exist. “The backdoor has various espionage functions: 11 dynamically activated modules are responsible for recording phone calls, collecting SMS messages, collecting call log lists and contact lists, and much more,” explains an ESET spokesperson.
Malware masquerading as Telegram
The malicious app gives the StrongPity malware access to notifications and various accessibility services. According to ESET, it manages to gain access to different apps, including Viber, Skype, Gmail, Messenger and Tinder. The malware is also capable of exfiltrating chat communications from other apps. “The campaign is probably limited, given that our telemetry has not yet identified any victims,” reassure ESET experts. In particular, Lukáš Štefanko, the ESET researcher who analyzed the app, said:
“During our investigation, the analyzed version of the malware available on the emulator website was no longer active and it was no longer possible to successfully install and activate the backdoor functionality. This is because StrongPity has not obtained the API ID for the malicious Telegram app. But that could change at any time if the threat actor decides to update it.”
Unlike the genuine Shagle site, which does not provide an official mobile app to access its services, the fake site only provides an Android app for download, with no web streaming capabilities. We therefore recommend that you do not install any messaging app that does not come from the official stores, in this case Google Play Store.
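One way to check a device against the two points above (installation from outside the official store, and access to notifications and accessibility services), as an added example that is not part of the original article or of ESET's research. It parses the output of three standard adb commands; the sample output and the com.example.* package names are constructed, and treating only Google Play as an official installer is an assumption.

```python
import re

# Constructed sample output (not from a real device) of:
#   adb shell pm list packages -i
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure enabled_notification_listeners
PM_LIST = """\
package:com.example.messenger  installer=com.android.vending
package:com.example.videochat  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.notes  installer=com.google.android.packageinstaller
"""
ACCESSIBILITY = "com.example.videochat/.AccService:com.example.reader/com.example.reader.TalkService"
NOTIF_LISTENERS = "com.example.videochat/com.example.videochat.NotifService"

# Assumption: only Google Play counts as an official installer here.
OFFICIAL_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package name -> installer package (None when unknown)."""
    result = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_components(setting_value):
    """Return the package names in a colon-separated component list."""
    if not setting_value or setting_value.strip() == "null":
        return set()
    return {c.split("/", 1)[0] for c in setting_value.strip().split(":") if c}

def audit(pm_output, accessibility, listeners):
    """List non-store packages holding accessibility or notification access."""
    installers = parse_installers(pm_output)
    acc, notif = parse_components(accessibility), parse_components(listeners)
    findings = []
    for pkg in sorted(acc | notif):
        installer = installers.get(pkg)
        if installer not in OFFICIAL_INSTALLERS:
            grants = [n for n, s in (("accessibility", acc), ("notifications", notif)) if pkg in s]
            findings.append((pkg, installer, grants))
    return findings

if __name__ == "__main__":
    for pkg, installer, grants in audit(PM_LIST, ACCESSIBILITY, NOTIF_LISTENERS):
        print(f"{pkg}: installer={installer}, grants={'+'.join(grants)}")
```

Preinstalled system apps also report no installer, so compare any findings against `adb shell pm list packages -s` before treating them as suspicious.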