Suspected China-linked hackers have been discovered targeting Android users with spyware, according to research conducted by cybersecurity firm ESET. The hackers deployed a malware variant called ‘BadBazaar’ in fake Signal and Telegram applications, distributing these malicious apps through official app stores, including Google Play and the Samsung Galaxy store.
Reports suggest that the China-aligned hacking group known as GREF was responsible for carrying out the attacks. The fake apps were created with the intention of stealing sensitive user data, including device information, installed apps, contact lists, and call records. In some cases, the hackers managed to gain full access to Telegram backups.
One particularly dangerous aspect of the malware was found in the fake Signal Plus Messenger app, which had the capability to secretly connect the compromised device to the attacker’s device. This allowed the hackers to spy on messages without the victim’s knowledge. While Google has taken action and removed the malicious apps from Google Play, they remain available for download on the Samsung Galaxy store.
The victims of these campaigns span various countries, including Australia, Brazil, Denmark, Germany, Hong Kong, Poland, Portugal, Singapore, Spain, Ukraine, and the United States. Notably, some victims belong to the Uyghur ethnic group in China, who were lured into installing the malicious app through a Uyghur Telegram group.
This is not the first time that the BadBazaar malware has targeted Uyghurs and other Turkic ethnic minorities. ESET’s research revealed that these campaigns have been active since at least July 2020, indicating a prolonged and persistent effort by the hackers.
In response to the discovery, ESET promptly published their findings on Wednesday, raising awareness about the threat. As for the affected users, it is strongly recommended to check their devices for any installed suspicious apps and remove them immediately. Additionally, users are advised to update their security software and remain cautious when downloading apps, even from official sources.
With cyber threats constantly evolving, it is crucial for users to stay vigilant and employ robust cybersecurity measures to safeguard their personal information in today’s digital landscape.