Are you sure that's Telegram? Convincing fake app can steal your login credentials
Double check that Telegram app
There's a faux Telegram app masquerading as the real messaging app, and according to researchers at Check Point, it's convincing, too. From the identical launch page to the authentication process, the imposter app flows similarly to the original version. "The user has no reason to suspect anything out of the ordinary is happening on the device," the Check Point report said.
Unfortunately, this Telegram app can fool the best of us, and according to Check Point, once it gets a hold of your device, it can unleash malware hell on your Android phone via a trojan called "Triada."
Triada is lurking in 'Telegram'
There's a malware campaign in which malicious actors are disguising Triada as Telegram Messenger version 9.2.1. Unwitting victims, believing that they're using a trusted apps, end up granting it permissions to access their call logs and phone calls.
In the background, according to Check Point researchers, the following steps are taking place:
1. The malware gathers your device's information.
2. It sets up a communication channel.
3. It downloads a configuration file and awaits the reception of a payload from a remote service.
Stay in the know with Laptop Mag
Get our in-depth reviews, helpful tips, great deals, and the biggest news stories delivered to your inbox.
4. The payload is decrypted and launched; Triada can now wreak havoc on your device.
What can Triada do?
Once Triada gets its claws on your Android device, it can perform the following malicious tasks:
- Sign you up for various paid subscriptions
- Perform in-app purchases using your SMS and phone number
- Display advertisements, including invisible ads running secretly in the background
- Steal login credentials
- Snag sensitive device information
To keep Triada at bay, make sure to never download apps from standalone websites nor third-party app stores. There's a chance that the apps in these unofficial stores may be maliciously modified. If you want Telegram, download it directly from the Google Play Store.
If you suspect that your Telegram app isn't legit, delete it immediately and download one of the best mobile antivirus apps for your device.
Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!