Shubham Sawarkar
If you have recently downloaded two seemingly legitimate messaging apps called Signal Plus Messenger and FlyGram on your Android device, it’s time to take immediate action and uninstall them without delay. These apps have been identified by Slovak cybersecurity firm ESET as malicious imposters masquerading as the popular messaging platforms Signal and Telegram.
Both Signal Plus Messenger and FlyGram were not removed from the app stores before causing significant damage. In fact, Signal Plus Messenger managed to remain listed on the Play Store for a whopping nine months, accumulating over 100 installations before it was eventually pulled by Google. FlyGram, developed by the same creator, was removed more recently in 2021. These apps were not only found to be loaded with malware but were also distributed through third-party app stores, aside from the official Play Store and Galaxy Store.
Despite their removal, if you had the misfortune of downloading either of these apps, they would still be present on your device, posing a threat to your personal data. Google has classified both apps as malicious, capable of pilfering sensitive information. It is crucial to promptly uninstall these apps from your device. However, before you do so, be sure to unlink your Signal and Telegram accounts from them to mitigate any potential risks associated with these malicious apps.
Researchers at ESET have unveiled the extent of the harm these fake apps can inflict. The counterfeit Telegram app has the ability to snatch basic device information along with sensitive data such as your contact list, Google accounts, and call logs. Moreover, it also features an insidious function that enables it to back up its data to a remote server controlled by the attacker.
Similarly, the rogue Signal Plus app can covertly monitor and transmit both incoming and outgoing messages to a remote server, allowing unauthorized access to your private conversations. This malware has been linked to a malicious group based in China known as BadBazaar. To lend an air of authenticity, dedicated websites were created for both of these deceptive apps, complete with installation links to the Google Play Store, effectively deceiving users into believing its legitimacy.
To make matters worse, these fabricated apps can record phone calls and access the cameras of infected devices. Originally targeting users in China, the scope of their attack has expanded to include Ukraine, Poland, the Netherlands, Spain, Portugal, Germany, Hong Kong, and the United States.
When it comes to downloading apps onto your smartphone, it is vital to exercise caution and adhere to official app stores exclusively. Regardless of the enticing features offered by dubious sources, sticking to legitimate app storefronts remains the best practice to safeguard your device and personal information.
Furthermore, it is recommended that you periodically review your Connected Devices list to verify that no unknown devices have gained access to your accounts. If you have inadvertently installed either or both of these fake apps, you might consider purchasing a new handset or wiping your device entirely to eliminate any potential lingering threats associated with unknown devices accessing your Signal or Telegram accounts.
Owners of Galaxy phones should particularly take note since both the Signal Plus app and FlyGram were once listed on the Galaxy Store. It is prudent to ensure that neither of these rogue apps finds a home on your Galaxy device.
Avoid putting yourself in a vulnerable position unnecessarily. In this case, there was no valid reason to install counterfeit versions of Signal or Telegram in the first place. Remember, even if you exercise caution and rely on your common sense, attackers can still find ways to exploit your device. Prioritize your digital security by staying vigilant and relying solely on reputable sources for app downloads.
