The Hidden Dangers in Your Favorite Messaging Apps

Learn to safeguard your data from malicious counterfeit apps of Signal & Telegram; get insights on protection strategies with our in-depth guide

Monday September 11, 2023 , 3 min Read

In recent times, the reliability and security of messaging apps have come under scrutiny, with the emergence of counterfeit versions of popular platforms such as Signal and Telegram. These imitated versions are far from benign, acting as potential conduits for cyber-criminals to siphon off sensitive information, including bank details, from unsuspecting users. Unfortunately, these malicious apps, namely Signal Plus Messenger and FlyGram, have managed to make their way onto various app stores, including the Play Store and Samsung’s Galaxy Store, putting the privacy and security of hundreds of users at peril.

The counterfeit versions of Signal and Telegram, which have reportedly been available for download for about nine months, have been masquerading as secure communication channels while serving as spyware. According to cybersecurity firm ESET, these nefarious apps have been wielding the potential to access a goldmine of user data, such as phone contacts, Google account details, and call logs. Furthermore, they have the capability to transfer this acquired data to a server under the control of cyber attackers, leaving the victims helpless and their information at the mercy of these bad actors.

The alarming revelation about these faux apps came to light when ESET notified both companies about the looming threat. The companies have since removed the counterfeit apps from their respective app stores, but not before they were downloaded by hundreds of users. Given the gravity of the situation, it is imperative for users who have downloaded these applications to take immediate action.

ESET strongly urges individuals who have downloaded these apps to delete them without delay. Moreover, to ensure that no traces of malware linger on their devices, users are advised to undertake a complete factory reset. The disturbing incident serves as a stark reminder of the pervasive threat of fake apps, especially in the Android ecosystem.

To fortify oneself against such malicious entities, here are some prudent measures users can take:

Official App Stores Only:

Stick to downloading apps exclusively from official app stores or Play Store to mitigate the risk of encountering malicious software.

Vigilance with APK Files:

Exercise caution when installing APK files on your Android phone, ensuring to verify the legitimacy of the source before proceeding.

Developer Verification:

Prioritise checking the credentials of the app developer and corroborate the details on their official website to avoid falling prey to counterfeit applications.

Permissions Scrutiny:

Be meticulous in reviewing the data and permissions an app requests access to. A dubious app may request unwarranted permissions, signaling potential malintent.

The rise of counterfeit versions of Signal and Telegram underscores the ever-present need for vigilance in the digital realm. Users are urged to stay informed and adopt safe practices to protect themselves from falling victim to cyber malfeasance. Let's champion digital safety by promoting awareness and exercising caution in our app choices.