What is Teligram? Fake Telegram app found serving up malware and ads on Google Play Store
"Once installed, it becomes more difficult to tell the difference," Symantec said.
Security researchers have discovered a fake Telegram application on the Google Play Store that claims to be a new, updated version of the popular encrypted messenger app. According to Symantec researchers, the phony app goes by the name "Teligram [NEW VERSION UPDATED]" and is designed to look exactly like the real and legitimate Telegram app.
"The only differences, at least at first glance, are the (mis)spelling of Telegram, with an 'I' replacing the second 'e', the bracketed addendum, and a slightly different app icon," These differences are an attempt to trick users into thinking the app is the latest updated version of the legitimate Telegram app.
Teligram features similar screen style and an identical app description to the original app. Although it actually functions as an instant messaging app, it also runs malware in the background and displays advertisements throughout the app.
"Once installed, it becomes more difficult to tell the difference," Symantec said in a blog post published on Wednesday (10 January). "Comparing the apps' manifests reveals that Teligram has added advertising libraries in order to create revenue for the fraudsters behind the deceptive app.
"Teligram displays advertisements in two different ways, within the chat list and by showing intermittent full screen advertisements."
Researchers said the malware that Teligram installs on an infected device as Trojan.Gen.2, which was built using the open source Telegram code that is distributed on third-party app stores.
"While open source projects can be of huge benefit to developers and consumers, they can also be used by criminals to create convincing imitations of trusted apps," John Hou of Symantec's Security Technology and Response (STAR) team wrote.
Once the dodgy app is installed and run on the device, the malware can be leveraged by hackers to install a backdoor, ad clicker or carry out other nefarious activities.
"Compared to this malware, Teligram users are lucky as advertising revenue appears to be the main motive behind the app," Hou wrote. "Although no malicious behavior has been added to Teligram, its developers could potentially add any behavior they wish."
Google has since removed the malicious Teligram app from its Play Store.
