User data is stolen by new malware for Android. When installing this app, exercise caution
A new threat targeting Android users is in circulation. Security experts discovered it recently, and its primary objective is to monitor victims' online purchases and steal confidential information from their mobile devices.
Dubbed FireScam, it’s a new piece of malware that’s been circulating on Android phones. To confuse and trick users, the malware disguises itself as a premium version of Telegram. Worse still, it’s being distributed through GitHub, where threats have been getting out of hand lately. What’s going on with this virus, and what are users exposing themselves to?
As reported by security firm Cyfirma, the hackers created a page on GitHub that copies the design of the RuStore app store. It is no surprise if RuStore is unfamiliar to you: it is a Russian alternative to Google Play that has gained a lot of popularity over the years. Because of this, many users recognize RuStore and immediately trust it as a place to download applications.
The hackers published this fake version of RuStore on GitHub and got users to download, without their knowledge, an infected file like GetAppsRu.apk. This file sneaks onto users’ phones without being detected by security software, and from there it takes full rights over the phone.
This gives the hackers instant access to a huge amount of user information, such as the list of installed apps and even multimedia files. But all this is just the beginning, because an app that hides the main malware of the infection, known as Telegram Premium.apk, is then installed.
Installing this malware exposes the phone to a range of risks. The user will think that they are installing the premium Telegram app, which supposedly unlocks additional features and functions that are not normally available in the Telegram app. However, once the user grants the permissions the app asks for, it gains access to more data on the phone. It will be able to access SMS, call services, monitor notifications, and other elements of the phone.
In addition, the program steals the login credentials of the Telegram account and creates another communication channel to take information from other parts of the phone. The malware also installs a general surveillance virus that steals more information.
At the moment, Cyfirma says they haven’t discovered who is behind FireScam, although they will likely continue investigating to come to a conclusion. As always, the recommendation is not to risk downloading apps or files from unknown sources. Both RuStore and GitHub are safe platforms, but in both cases we should be careful about the files we get.