Fake Updates, Real Danger: Cybercrooks Mimic Popular Messengers to Steal Data

Popular mobile messaging apps such as WhatsApp, Signal, and Telegram have long been targets for cybercriminals. Scammers create and distribute malicious replicas of these applications, deceiving users with phishing campaigns on social media, email, and SMS.

According to ESET, dozens of cases of fake WhatsApp and Telegram versions being distributed, disguised as updates and mods, were recorded in 2021.

Figure: The malicious Signal Plus Messenger app, once available on Google Play (left) and the Samsung Galaxy Store (right).

For example, in 2021, fraudsters spread malware disguised as a pink theme for WhatsApp. This program automatically responded to received messages with phishing links, stealing victims’ confidential data.

Additionally, dozens of fake websites distributed malicious applications capable of intercepting information from the clipboard. Users were lured into traps with fake ads and YouTube videos.

Recently, Chinese hackers managed to embed the BadBazaar spyware into counterfeit versions of Signal and Telegram. Surprisingly, these messengers passed security checks in Google Play and the Samsung Galaxy Store, and the malicious software remained undetected for a long time.

Once the malicious messenger is installed, attackers can access users’ personal data and banking information, monitor their actions, encrypt files and demand ransom, use paid services, steal passwords, and conduct cyberattacks on corporate networks.

To avoid falling victim to scammers, experts recommend:

  • Download applications only from official stores.
  • Regularly update the operating system and installed programs.
  • Before downloading a messenger, check reviews and information about the developer.
  • Avoid clicking on suspicious links and installing software from unknown sites.
  • Use reliable antivirus programs.
  • Enable two-factor authentication for accounts.

Additionally, pay attention to the following signs of malicious activity:

  • Suspicious app names and descriptions.
  • Sudden appearance of intrusive ads.
  • Unfamiliar icons appearing on the device.
  • Rapid battery drain and smartphone slowdown.
  • Sharp increase in mobile data usage and in bills for communication services.

By adhering to these precautionary measures, you can significantly reduce the risks of encountering phishing and suffering from the actions of cybercriminals.