Manipulated Telegram app reveals history – also from Gmail, Tinder & Co.

Even end-to-end encryption is of little use if cybercriminals direct their attention to your smartphone. But that is exactly the case at the moment. A manipulated Telegram app is said to have forwarded messages to third parties. And also those of Gmail, Tinder and Co.

Messenger Telegram on a mobile phone
Telegram on the phone

Alongside WhatsApp, Telegram is one of the most popular instant messaging services in Germany . The app offers numerous interesting functions and can also be used without the person on the other end of the line finding out your phone number. Now , security researchers from ESET have discovered a crafted Telegram application that could cause a lot of damage.

TELEGRAM CLONE SHARES MESSAGES WITH THIRD PARTIES

The perfidious thing about the new Trojan application: It is fully functional and can therefore only be differentiated from the open source original to a limited extent. But unlike the real Telegram app, the fake has a back door. Cyber ​​criminals can use these to record phone calls, read text messages, and view call logs and contact lists, among other things. The Trojan also requests access to notifications and services. This enables the app to view incoming notifications from 17 other applications. These include Viber, Skype, Gmail, Messenger and Tinder .

The Telegram imitation comes to the smartphone via a detour in the form of a website copy of the free webcam chat Shagle. Oddly enough, the app can be downloaded here as a Shagle application and not as a Telegram. This fact could indicate that the trojan was offered for download on numerous other website copies without having been adapted accordingly.

TELEGRAM USERS CAN BREATHE EASY

According to ESET security researchers, the malicious variant uses the same package name as the legitimate Telegram app. This is used for identification and can therefore not be installed more than once on a smartphone. This means that users who already have the Telegram app on their smartphones cannot install the infected version and are therefore safe. It is also pleasing that the ESET researchers could not identify any victims of the Trojan. On the other hand, this could indicate that such attacks were very targeted. The security experts suspect the APT group StrongPity, which has already set up campaigns that are identical in many ways in the past, to be behind the attacks.

THIS IS HOW YOU PROTECT YOURSELF

First of all, the obvious: the manipulated Telegram app – like countless other smartphone viruses – could only be downloaded outside of the Google Play Store . It is therefore advisable to generally avoid applications from unknown sources. Commercially available antivirus software can also protect against numerous threats. Because the days when only computers needed an antivirus tool are long gone. Last but not least, it is advisable to always pay attention to which permissions an application requests and which ones you are willing to grant. For more tips and tricks, check out our phone security guide .