An application that claims to do Signal messaging could be downloaded from the Play Store and Samsung’s Mobile Store. This malicious app could intercept messages sent by users.
Signal Plus Messenger: If this application is on your Android smartphone, you must delete it immediately. This is what ESET security researchers found outIt was malware whose purpose is to monitor user messages. The malware was developed by the China-affiliated GREF hacking group and specifically targeted the Uighur community, which is being persecuted by the Chinese power.
Hackers for whom this is nothing new
The app was available on the Play Store before Google removed it. What’s even more worrying is that it is still available in the Galaxy Store despite Samsung being warned by ESET in May. Signal Plus Messenger uses the Signal interface and works in the same way.
© ESET
The official messenger allows users to link the mobile app to their iPad or PC. Signal Plus Messenger exploited this feature by automatically connecting the compromised device to the hacker’s Signal without the legitimate user knowing. Therefore, All messages sent via the malicious app were forwarded to the hacker’s account.
According to Lukas Stefanko, who discovered the story, this is the first documented case of espionage involving Signal using a secret automatic linking system. The malware’s developers have not only found a way to monitor communications through Signal, but also to deceive two of the world’s largest technology companies. Rather worrying…
Meredith Whittaker, President of Signal, thanks Google for removing the fake application: “We hope so [Google] will do more to avoid these scams on their platform in the future. She calls on Samsung to do what is necessary.
The GREF hackers are also the origin of another malicious application masquerading as another: it is Flygram, which imitates Telegram and is distributed on the Play Store and Galaxy Store.
Source: Forbes