Fake Signal App Planted on Google Play By China-Linked Hackers

A fake version of Signal, a private messaging app, infiltrated Google Play and Samsung’s Galaxy Store and seems to be linked to a Chinese spy operation. The aim of the fake app (called Signal Plus Messenger) is to spy on communications of the real app, according to ESET researcher Lukas Stefanko.

This scheme shows not only that Chinese-linked hackers managed to get through security checks by two of the world’s biggest tech companies, but also that they ran a successful spying campaign on a messaging app.

Stefanko told Forbes that the malicious Signal Plus Messenger abused a feature of the legitimate app that allows users to link the mobile app to their desktop or Apple iPad. The fake version automatically connected the compromised device to the attacker’s Signal in the background, so all messages were passed on to their account, which happened “without the user noticing anything or accepting any notification.”

Stefanko claims this might be a repeat offense, since the same code seen in Signal Plus Messenger was used to target Uyghurs in the past. He found evidence that the same hacking crew also created a malicious Telegram app called FlyGram that was available on Google Play and the Samsung Galaxy Store, with download links also shared in a Telegram group for Uyghurs.

While there were fewer than 500 downloads of the fake Signal on Google Play, Stefanko believes the attacks were likely targeted, with the attackers pursuing specific individuals rather than a broad set of users.

Nevertheless, the fake Telegram may have had a wider impact, since FlyGram was able to access Telegram backups if the user enabled a specific feature in the malware, and it was activated by at least 13,953 user accounts.

While Google removed both apps after ESET warned the tech giant, Samsung has not yet taken any action despite being notified back in May, and neither of the two companies provided a response to the occurrence.

This information was provided by Forbes.