There's a faux Telegram app masquerading as the real messaging app, and according to researchers at Check Point, it's convincing, too. From the identical launch page to the authentication process, the imposter app flows similarly to the original version. "The user has no reason to suspect anything out of the ordinary is happening on the device," the Check Point report said.
Unfortunately, this Telegram app can fool the best of us, and according to Check Point, once it gets a hold of your device, it can unleash malware hell on your Android phone via a trojan called "Triada."
Triada is lurking in 'Telegram'
There's a malware campaign in which malicious actors are disguising Triada as Telegram Messenger version 9.2.1. Unwitting victims, believing that they're using a trusted apps, end up granting it permissions to access their call logs and phone calls.
In the background, according to Check Point researchers, the following steps are taking place:
1. The malware gathers your device's information.
2. It sets up a communication channel.
3. It downloads a configuration file and awaits the reception of a payload from a remote service.
4. The payload is decrypted and launched; Triada can now wreak havoc on your device.
What can Triada do?
Once Triada gets its claws on your Android device, it can perform the following malicious tasks:
- Sign you up for various paid subscriptions
- Perform in-app purchases using your SMS and phone number
- Display advertisements, including invisible ads running secretly in the background
- Steal login credentials
- Snag sensitive device information
To keep Triada at bay, make sure to never download apps from standalone websites nor third-party app stores. There's a chance that the apps in these unofficial stores may be maliciously modified. If you want Telegram, download it directly from the Google Play Store.
If you suspect that your Telegram app isn't legit, delete it immediately and download one of the best mobile antivirus apps for your device.
