Two Fake Messaging Apps Threaten Android Users: What You Need to Know


If you’re an Android user, there’s a new threat you should be aware ofTwo Fake Messaging Apps , Signal and Telegram, have been found in app stores. These impostor apps, called Signal Plus Messenger and FlyGram, were designed to steal your data and spy on your messages.

How They Work:


Signal and Telegram allow you to use them on different devices, like your phone and computer. The fake apps exploited this feature, secretly connecting your device to the attacker’s account, letting them see your messages without you knowing.

What’s Been Done:

Google and Samsung have removed these fake apps from their stores, but some people already downloaded them.

What You Should Do to Protect Your Android Device:

If you have Signal Plus Messenger or FlyGram on your Android device, delete them immediately to protect your data. In the future, only download Signal and Telegram from trusted sources. Periodically check your device settings for any unusual linked devices.

  1. Download Legitimate Versions: Only download Signal and Telegram from official sources to guarantee their authenticity and security.
  2. Regularly Check Linked Devices: Periodically inspect your device’s settings and linked devices to identify any unrecognized or unauthorized connections.

Why It Matters:

This is a reminder that cyber threats are real, and we must be cautious when downloading apps. Stick to official sources and stay informed to keep your digital life safe.

This malicious campaign represents an unprecedented attempt to infiltrate some of the world’s most popular messaging apps. The impostor apps were constructed using open-source code available from Signal and Telegram. Hackers embedded an espionage tool known as BadBazaar, a Trojan used in previous attacks targeting Uyghurs and other Turkic ethnic minorities. ESET suspects that the China-aligned hacking group GREF is behind this campaign.

X Post by: ESET Research

Lukáš Štefanko, a security researcher at ESET, explained, “BadBazaar’s main purpose is to exfiltrate device information, the contact list, call logs, and the list of installed apps, and to conduct espionage on Signal messages by secretly linking the victim’s Signal Plus Messenger app to the attacker’s device.”

In conclusion, the discovery of these impostor apps emphasizes the importance of vigilance when downloading apps. Always stick to official sources, and regularly review your device’s settings to maintain control over your privacy and security. The incident underscores the need for users to remain cautious and informed in the ever-evolving landscape of mobile applications, as threats continue to evolve and adapt.