Our smartphones are a hub for everything - from messaging to banking.
But with convenience comes risk.
And scammers are always on the lookout for ways to exploit our devices.
Now, Android users are being warned of a fake app that looks harmless but packs a dangerous punch.
Advert
The new malicious Android software is disguising itself as a 'premium' version of a popular messenger app.
Once downloaded, the pseudo-app tricks people into thinking they are downloading a Telegram Premium application.
However, the malware instead sneakily monitors victims' notifications, text messages, and app activity, all the while stealing sensitive information via Firebase services.
The app advertises itself as 'Telegram Premium' to hide its true malware form which is known as FireScam.
If you haven't heard of it, Telegram is a messenger app like WhatsApp and Signal that offers end-to-end encryption for secret chats.
But no official 'premium' version actually exists.
Cybersecurity researchers at Cyfirma discovered that the app is being distributed on phishing websites malware through a GitHub.io-hosted phishing website that mimics RuStore, Russia’s version of the Google Play Store.
While the app isn’t available on the official Google Play Store (thank goodness for that), it could still leave Android owners who are open to sideloading at risk.
The moment it's downloaded, the fake Telegram Premium app asks for extensive permissions as soon as it’s installed, including access to notifications, SMS and phone calls.
And when victims open the app, they are reportedly asked to log in with their Telegram credentials.
Unfortunately, this gives hackers everything they need to take over the victim’s Telegram account.
Once hackers have access to the victim's Telegram account, hackers sift through it for any valuable details.
But that's not all.
Once installed, the malware can keep a close eye on any online transactions made via the Android device whilst stealing financial information. It can also observe and intercept data from password managers or auto-filled credentials as well as access your text messages and phone calls.
According to The Register, Cyfirma researchers spotted the new fake app temporarily stores in the Firebase Realtime Database, filtered for valuable information, and then later removed.
"These logs are then exfiltrated to a Firebase database, granting attackers remote access to the captured details without the user's knowledge," Cyfirma's researchers noted.
To stay safe on your Android and Apple devices, make sure to only download apps from trusted sources like the Google Play Store and avoid sideloading apps unless you’re absolutely sure of their legitimacy.