Chinese-linked hackers target android users with fake Signal and Telegram apps
The hackers are suspected to be part of a threat group known as GREF, which is alleged to be aligned with China.
ESET security researchers discovered (what they allege) two separate Chinese spy campaigns targeting US and European Android users. Their strategy involves the creation of counterfeit versions of popular encrypted messaging apps, Signal and Telegram, both readily available on the Google Play Store. The primary objective behind these bogus applications is to compromise the security of Android users.
Attributed to a threat group suspected to be aligned with China, known as GREF, these fraudulent apps closely mimic the appearance and functionality of the genuine Signal and Telegram apps. However, beneath this deceptive facade lies malicious software capable of unauthorised data access and message interception.
Notably, this malware was previously employed to target specific ethnic minority groups within China. In this latest campaign, the hackers have expanded their scope to target a broader user base.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.