Fake Telegram App Infects Android Devices with Malware

A fake Telegram app for Android has been discovered that is loaded with malware and capable of a myriad of malicious activities.

Once installed, the malicious code starts running in the background, posing as an internal application update service, cybersecurity researchers said. They added that the malware first gathers data on the device it is installed on, then sets up a communications channel with its server, downloads further configurations, and waits for the payload.

The payload itself is the Triada trojan which, upon delivery, gains system privileges and injects itself into other processes on the device.

The researchers further explained that past analysis of Triada uncovered a wide range of abilities, from signing victims up for various paid subscriptions, to making in-app purchases via SMS and phone numbers, to displaying invisible and in-background ads. Triada is also said to be able to steal passwords and other sensitive data from the devices.

Source: Qatar News Agency