Trojanized Telegram and Signal Android apps have been spotted on the Google Play Store and Samsung Galaxy Store, and both malicious apps contain BadBazaar spyware that can steal sensitive data such as contact lists, call logs, Google accounts and more.
The malicious apps, known as “FlyGram” and “Signal Plus Messenger,” mimic the popular open-source instant messenger apps Telegram and Signal. The threat actors behind the malware campaign are associated with GREF, a Chinese APT cybercriminal group.
Along with being available on the Google and Samsung app stores, the hackers set up official-looking websites (“signalplus.org” and “flygram.org”) to trick users into downloading the apps on Google Play or from the website – adding to the campaign’s legitimacy.
Identified by ESET researchers, the spyware campaign reportedly targets Android users from around the globe, including Australia, Brazil, Denmark, the Democratic Republic of the Congo, Germany, Hong Kong, Hungary, Lithuania, the Netherlands, Poland, Portugal, Singapore, Spain, Ukraine, the United States and Yemen.
The BadBazaar spyware is a known espionage tool that can record phone calls, take pictures on the device, steal contact lists, exfiltrate sensitive data and more.
Of the two spyware apps, FlyGram is used to exfiltrate basic device information and sensitive data, including contact lists, call logs and the list of Google Accounts. That’s not all; it can also exfiltrate information from Telegram, such as contact lists, messages and more.
Moreover, users who enable a FlyGram backup feature to restore Telegram data will have their Telegram backup data exposed, as the threat actors have control of a remote server that can receive this data. According to the ESET report, 13,953 FlyGram users had this feature turned on.
As for Signal Plus Messenger, it collects similar information, but its main objective is to spy on the user’s Signal messages.
“It can extract the Signal PIN number that protects the Signal account, and misuses the link device feature that allows users to link Signal Desktop and Signal iPad to their phones,” ESET researcher Lukas Stefanko states. “This spying approach stands out due to its uniqueness, as it differs from the functionality of any other known malware.”
The FlyGram and Signal Plus Messenger spyware apps were active from July 2020 and July 2022, respectively. As of 2023, both apps have been removed from the Google Play Store. According to BleepingComputer, both apps were still active on the Samsung Galaxy Store. As of writing, they have now been taken down.
To avoid fraudulent apps and websites hiding malicious software such as spyware, Android users should download only the original versions of popular apps like Telegram and Signal, and avoid clones even if they are available on official app stores. The cloned apps may work properly, but they contain spyware that can run in the background. If you recognise these apps or have other suspicious clone apps on your Android, delete them now.
What is spyware?
Spyware is a type of malicious software (malware) that sneakily obtains information on a device without the user’s knowledge and sends it to a threat actor. The stolen data can be anything from device information to personal files, photos, videos and more, which can be used to violate the user’s privacy or harm their device. This can lead to stolen passwords, banking accounts or sensitive information.
Spyware can infect devices by disguising itself as legitimate software, such as an app or email attachment, to trick users into believing what they’ve installed is harmless. Spyware can put a user’s safety in danger without them being aware that the device is infected.
Since attackers can use spyware to track everything a user does, including the websites visited, communications between contacts and apps used daily, it can be easy for an attacker to obtain an assortment of information about a user. This can be used to harm the user directly or can be sold on dark web markets to malicious actors looking to exploit this information.
This nasty type of malware can easily slip past the defences of a device, which is why it’s a good idea to keep an antivirus on at all times to fortify your device.
Use antivirus software to stop spyware
Simply put, the best way to get rid of spyware, or any malicious software, is to use the best antivirus software.
Many free spyware and malware removal apps will remove malicious software from your device. Still, it’s a good idea to ensure these tools are trustworthy, as hackers can also disguise malware as these tools on the App Store or Google Play Store to scam you or deploy even more malware.
Protection services such as Norton 360, Bitdefender, Avast and Malwarebytes all deliver high lab scores for detection and protection from all manner of malware, including spyware. They can scope out malicious attachments, apps or dodgy links on websites to see if they contain any spy software. What’s more, if it somehow sneakily gains access to your device, an antivirus can notify you of its presence and get rid of it. Not so undetectable anymore, right?
If you find any signs of this spyware in an app (or any type of malware), check out our guide on how to remove malware on Android.
Best antivirus to detect spyware
You can find out the best antivirus software below.
Best overall antivirus
Bitdefender takes the spot as best antivirus, and for good reason. It’s not enough that it boasts near-perfect lab test scores across the board, as it goes the extra mile by giving users access to a plethora of advanced security features.
Bitdefender goes above and beyond in the features department, all while keeping known malware, ransomware, and viruses at bay. It will defend your device against new attacks, provide security for online transactions, keep you safe with a reliable VPN, and protect your accounts with a password manager.
It’s a no-brainer when it comes to defending your devices against virtually any form of cyberattack, and its top-notch protection extends to its most affordable package, too. Protecting your PC and smartphone, from Windows and macOS to iOS and Android, is becoming even more necessary, and Bitdefender is the tricked-out shield you need.
See our full Bitdefender review
Best free antivirus
With Avast One, you can protect your device from viruses, malware and ransomware for free. That’s right, and you don’t have to pay a dime for the extra security features the antivirus throws in, including its VPN, firewall and more.
Avast One will safeguard your device from malware, comes with ransomware protection, blocks harmful websites and downloads from the web, scans your emails for malicious attachments, stops hackers from infiltrating your device through Wi-Fi with a firewall – the list goes on. That’s a lot of tools for software that’s free, and the included VPN and the ability to speed up your PC are a welcome bonus.
It’s the ideal antivirus software for home use, as it takes the hassle out of staying wary of cyber threats lurking around, even if you’re not a tech whizz. What’s more, if you are looking for added precautions, its paid Individual and Family packages still boast great value. Hard to go wrong with this best antivirus.
See our full Avast One review
Best antivirus for families
“Norton” and “antivirus” are synonymous these days, as the well-established cybersecurity brand has successfully fought against malware, viruses and nasty software threats since 1990.
Norton 360 offers excellent antivirus protection and extra features that make for a valuable, all-in-one security product. Its Norton 360 Deluxe and Premium package may cost a pretty penny. Still, with security across multiple platforms, a full-blown VPN, Dark Web Monitoring, Parental Controls and more, it will have a household free of cyber threats.
Norton’s certainty of its antivirus software’s capabilities is clearly defined by the brand’s 100% Virus Protection Promise. If a device protected by Norton 360 can’t get rid of a virus, the user receives their money back. It’s a big claim, but unquestionably, no one should expect to get that refund.
If you have the money for it, you can also check out the premium Norton 360 Platinum package for even more online protection, including from identity theft. Without a doubt one of the best antivirus products to get.
See our full Norton 360 review
Another best antivirus for free
You can never go wrong with free antivirus protection, but some deliver even better detection and protection rates, along with extra security features, without costing a dime. This is where AVG antivirus shines.
AVG provides reliable protection and only a small impact on performance for Windows, Mac, iOS and Android. It safeguards your devices against malware, viruses and zero-day exploits, along with blocking malicious links and attachments in emails. Throw in phishing protection when surfing the internet and extra security features such as its SafePrice browser extension and Network Inspector, and you’ve got yourself a do-it-all antivirus.
Sure, you can find all of these perks with Avast, but if you like a slick, darker user interface that’s easy to navigate, then AVG is for you.
See our full AVG Antivirus review
Best antivirus for Windows PC
Hundreds of pieces of malware emerge every minute, and it’s Malwarebytes’ mission to detect and conquer them all. Does the antivirus do this successfully? Yes, but there’s wiggle room for improvements.
Malwarebytes’ no-nonsense approach to protecting your devices from the onslaught of malware and viruses is effective for those who need a reliable antivirus that will detect and remove malicious software, especially with its free version. However, while its premium service provides 24/7 real-time detection, conveniently blocks vicious ransomware and shields users from malicious websites, it doesn’t go beyond that on the feature front.
That’s no bad thing, as sometimes a user only needs a powerful antivirus to keep them safe from cyber threats. But considering its competitors add a few more security tools, such as data breach monitoring and a firewall, there’s room for improvement.
See our full Malwarebytes review