Researchers on Wednesday said they found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms.
The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions.
Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.
The following screenshot shows the information in transit from the infected device to the attacker server:
BadBazaar, the malware responsible for the spying, bypasses the usual QR code scan and user click process by receiving the necessary URI from its C&C server, and directly triggering the necessary action when the Link device button is clicked.
In this case, if the official Signal clients were to display a notification whenever a new device is linked to the account, the fake version could simply disable that code path to bypass the warning and hide any maliciously linked devices.
The original article contains 780 words, the summary contains 191 words. Saved 76%. I’m a bot and I’m open source!
This is the best summary I could come up with:
Researchers on Wednesday said they found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms.
The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions.
Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.
The following screenshot shows the information in transit from the infected device to the attacker server:
BadBazaar, the malware responsible for the spying, bypasses the usual QR code scan and user click process by receiving the necessary URI from its C&C server, and directly triggering the necessary action when the Link device button is clicked.
In this case, if the official Signal clients were to display a notification whenever a new device is linked to the account, the fake version could simply disable that code path to bypass the warning and hide any maliciously linked devices.
The original article contains 780 words, the summary contains 191 words. Saved 76%. I’m a bot and I’m open source!