These cloned apps steal a user’s messages, contact list, and other data, and appear to be specifically designed for Chinese-speaking and ethnic minority users.
To convince users to download these apps instead of the official app, the developer claims they run faster than other clients thanks to a distributed network of data centers around the world, the report said.
These apps closely resemble the legitimate app, but their code has been slightly modified, a change that went unnoticed by Google Play moderators. The modified apps contain an additional module.
This module constantly monitors what is happening in the messaging app and sends large amounts of data to the spyware makers' command and control server. The data includes all contacts, sent and received messages with attachments, chat and channel names, and the account owner’s name and phone number.
Last week, a team of researchers discovered two Android apps distributed by Chinese hackers that steal users’ private information. ESET researchers said there are active campaigns linked to the China-affiliated APT group known as GREF, which distributes spyware through two apps, Signal Plus Messenger and FlyGram.
The apps were spotted on the Google Play Store, the Samsung Galaxy Store and dedicated websites, and both Google and Samsung have since removed them from their respective app stores.
Source: Young Journalists Club