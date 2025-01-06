

Avoid at all costs: this fake Telegram Premium clone app is a nasty malware

New year, new horror: there's a newly identified Android malware, dubbed ‘FireScam’; this one is being distributed as a sham version of the Telegram Premium app through phishing websites hosted on GitHub.

These websites imitate RuStore, Russia’s government-supported app marketplace, which was launched in 2022 as an alternative to Google Play and the Apple App Store in response to Western sanctions, a report by BleepingComputer reads.

According to cybersecurity experts, the phishing sites first deliver a malicious installer file named GetAppsRu.apk, which serves as a dropper module. A dropper is a type of software that acts as a delivery vehicle for malware. This file is obfuscated using DexGuard, a commercial Android code-protection tool, to hide its true purpose and evade detection by security software. Once installed, the dropper requests permissions that allow it to analyze installed apps, access the device’s storage, and install additional files.

The dropper then deploys the main malware, disguised as Telegram Premium.apk, which requests extensive permissions to access notifications, clipboard data, SMS messages, and phone services. When executed, the app presents users with a fake login screen resembling Telegram's interface. This fraudulent screen captures users’ credentials and sends them to the attackers. Not fun, right?
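For defenders triaging a suspicious APK, the two permission profiles described above can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from the report or the article; the mapping from the article's behaviour descriptions to specific Android permission names is an assumption, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the report) of the behaviours the article lists
# to standard Android permission names. Clipboard access needs no permission.
DROPPER_TRAITS = {
    "analyze installed apps": {P + "QUERY_ALL_PACKAGES"},
    "access storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
    "install additional files": {P + "REQUEST_INSTALL_PACKAGES"},
}
PAYLOAD_TRAITS = {
    "notifications": {P + "BIND_NOTIFICATION_LISTENER_SERVICE"},
    "SMS messages": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "phone services": {P + "READ_PHONE_STATE"},
}

def declared_permissions(manifest_xml):
    """Permissions requested via <uses-permission> or guarding a <service>."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # A notification listener shows up as a permission attribute on its service.
    perms |= {e.get(ANDROID + "permission") for e in root.iter("service")}
    perms.discard(None)
    return perms

def triage(manifest_xml):
    """Report which trait groups are fully present; a lead for review, not a verdict."""
    perms = declared_permissions(manifest_xml)
    hit = lambda traits: sorted(k for k, v in traits.items() if perms & v)
    dropper, payload = hit(DROPPER_TRAITS), hit(PAYLOAD_TRAITS)
    return {"dropper_like": len(dropper) == len(DROPPER_TRAITS),
            "payload_like": len(payload) == len(PAYLOAD_TRAITS),
            "dropper_traits": dropper, "payload_traits": payload}

# Constructed sample manifests (decoded text form, e.g. as produced by apktool).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLE_DROPPER = f"""<manifest {NS} package="example.constructed.dropper">
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""
SAMPLE_PAYLOAD = f"""<manifest {NS} package="example.constructed.payload">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application><service android:name=".Listener"
    android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/></application>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("dropper", SAMPLE_DROPPER), ("payload", SAMPLE_PAYLOAD)):
        print(name, triage(doc))
```

Legitimate app stores and file managers request some of the same permissions, so a match is a reason to look closer at the APK's source and signer, not proof of malware.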

FireScam communicates with a remote database using Firebase, a legitimate cloud platform. It uploads stolen data in real-time and registers devices with unique identifiers for tracking. The malware can also maintain persistent communication with Firebase to receive commands, download further malicious files, and adjust its surveillance activities.

Additionally, FireScam meticulously tracks user activity, such as screen changes and e-commerce transactions, aiming to steal sensitive financial information. It captures everything users type, copy, or interact with, including data autofilled by password managers or shared between apps. This information is sent to the attackers after being categorized for valuable content. Definitely not fun at all!

Researchers note FireScam’s sophisticated design and its use of advanced evasion techniques, making it particularly dangerous. While the identity of the attackers remains unknown, the report advises users to exercise caution when downloading apps, avoid files from untrusted sources, and refrain from clicking on unfamiliar links to minimize the risk of falling victim to such threats. You just need to do so.
Sebastian Pier Senior News Writer