According to a new Kaspersky investigation, several fake Telegram apps were available on the Google Play Store as part of an operation that may have been supported by China. Promising to be faster than the original Telegram app, the apps looked almost identical when they were released, but researchers found significant differences in their code.
Telegram is popular around the world, especially in China, because authorities cannot access encrypted messages and therefore users are generally protected from information leakage.
These clone applications, which contained very few changes compared to the original application, managed to bypass Google’s security controls and reach victims’ phones. Significant changes to the code enable access to users’ personal information, including their identities, nicknames, names and phone numbers. The fake apps can also collect message contents, chat/channel titles and IDs, as well as the sender’s name and ID from incoming messages.
China appears to be the main target of these fakes. The country has been accused of mass surveillance and repression of its Muslim ethnic minorities, including Uyghurs and Kazakhs, in recent years, and some believe the apps may have been used for this purpose.
Google announced that five applications, including one that had been downloaded more than 10 million times, have been removed from the Play Store.
There are some steps users can take to protect themselves from fake apps: for example, downloading applications only from trusted developers and checking details such as the developer name… Keeping application and operating system versions up to date is also vital to reduce security vulnerabilities.