Showing posts with label Telegram.

Examining Telegram’s Encryption Flaws: Security Risks and Privacy Concerns

 

Telegram is often perceived as a secure messaging app, but that perception deserves scrutiny. Unlike WhatsApp, Telegram does not apply end-to-end encryption by default. End-to-end encryption is available only in Secret Chats, which users must start deliberately, and which are not offered for group chats or in Telegram Desktop. Telegram also uses its own transport protocol, MTProto, rather than an established design such as the Signal Protocol. The protocol is publicly documented and the client apps are open source, but the server side is closed, so nobody outside Telegram can verify how messages are stored or who can read them. Ordinary ("cloud") chats are encrypted only between the client and Telegram's servers: a passive observer on the network cannot read them, but Telegram can, and so can anyone who compels or compromises Telegram. Although Telegram is widely used for features such as chat organisation and community management, this design is why security professionals raise concerns about it.

Because most conversations on Telegram are not end-to-end encrypted, Telegram could hand over message content if required by law enforcement, or lose it in a server-side breach. That is a real risk for anyone discussing sensitive topics or sharing confidential information. Telegram's cryptography has also been criticised as non-standard and hard to analyse. Secret Chats rely on MTProto, a bespoke construction rather than a widely reviewed one; cryptographers have pointed out that custom protocols tend to hide subtle weaknesses that only surface under independent analysis (academic reviews of MTProto have found flaws that Telegram later fixed), and that a closed server component cannot be vetted at all. The other significant limitation is scope: group conversations cannot be end-to-end encrypted, so anyone with access to Telegram's infrastructure can read them.

For users who need strong confidentiality, this is a serious limitation. Since Signal and WhatsApp encrypt end-to-end by default, Telegram users may want to reconsider using the app for private or sensitive discussions. Signal, for instance, uses the Signal Protocol, which has been independently audited and formally analysed. Telegram's protection, by comparison, is partial and depends on users opting in. Despite these concerns, Telegram remains popular because it is more than a messaging app: its organisational tools, community management features and broadcast channels have made it a favourite among groups sharing tech news or international updates.

For those who prioritise confidentiality, however, Telegram's limited encryption may not be sufficient, and Signal, or even WhatsApp, is the safer choice for encrypted messaging. Telegram has many innovative features, but its encryption model leaves it far from being the most secure messaging app.

UN Report: Telegram joins the expanding cybercrime markets in Southeast Asia

 


According to a report issued on October 7 by the United Nations Office on Drugs and Crime (UNODC), criminal networks across Southeast Asia are increasingly using the messaging platform Telegram to run large-scale illegal operations. The report says that Telegram's large channels and apparently weak moderation have made it attractive to organised crime, and that this is changing how transnational illicit operations are run.

An Open Market for Stolen Data and Cybercrime Tools

The UNODC report describes how Telegram has become a marketplace for stolen personal data, including credit card numbers, passwords and browser histories. Cybercriminals trade openly in large Telegram channels with little interference. The same channels sell software and tools built for cybercrime, such as deepfake kits for fraud and malware for harvesting users' data, and unlicensed cryptocurrency exchanges advertise money-laundering services through the platform.

One advertisement cited in the report offered to move stolen USDT (Tether) at a claimed volume of $3 million per day, a laundering service aimed at transnational organised crime groups in Southeast Asia. The report says such underground markets are becoming pervasive on Telegram, with vendors actively courting criminal organisations in the region.

Southeast Asia: A hub of fraud and exploitation

According to UNODC, Southeast Asia has become an important base for international fraud operations. Much of the activity is run by Chinese syndicates operating from heavily fortified compounds and staffed by trafficked people forced into labour. The industry is estimated to generate between $27.4 billion and $36.5 billion annually.

The report lands as scrutiny of Telegram and its billionaire founder, Russian-born Pavel Durov, intensifies. Durov has been charged in France with complicity in crimes committed on the platform, on the grounds that Telegram allowed illegal content to circulate. The case has sparked debate over the liability of technology companies for crimes committed on their platforms, and over where the line between free speech and legal accountability lies.

Telegram has responded to the growing pressure by promising to cooperate with legal authorities. Durov stated that Telegram will hand over users' IP addresses and phone numbers in response to valid legal requests, and promised to remove some features that have been widely abused for illicit activity. Telegram currently has more than a billion users worldwide and has not yet publicly responded to the UNODC report.

A Perfect Fertile Ground for Cybercrime

Benedikt Hofmann, UNODC Deputy Representative for Southeast Asia and the Pacific, warned of the consequences for consumers: as more personal data is exposed through Telegram, it becomes more likely to be fed into fraud schemes. In his view, the platform's easy access and anonymity have created an ideal environment for criminals, at the expense of people's data and safety.

Innovation in Criminal Networks

The maturing of organised crime in Southeast Asia suggests criminals will keep arming themselves with newer technologies, most importantly malware, generative AI tools and deepfakes, to commit sophisticated cyber-enabled fraud. On the point of innovation and adaptability, UNODC's investigation identified more than 10 specialised service providers in the region offering deepfake technology for use in cybercrime.

Expanding Investigations Across Asia

Another area of concern discussed in the UNODC report is the growing number of investigations by law enforcement agencies elsewhere in Asia. South Korean authorities, for example, are investigating Telegram's role in cybercrimes including deepfake pornography. In India, a hacker used Telegram chatbots to leak private data from Star Health, one of the country's largest insurers, exposing medical records, identity documents and even tax details. Star Health has sued Telegram.

A Turning Point in Cybersecurity

The UNODC report shows how far encrypted messaging platforms now complicate the fight against organised crime. Criminal groups will keep taking full advantage of platforms like Telegram, and technology companies face pressure to enforce controls against illegal activity while balancing user privacy and safety.


Mamba 2FA Emerges as a New Threat in Phishing Landscape

 

In the ever-changing landscape of phishing attacks, a new threat has emerged: Mamba 2FA. Discovered in late May 2024 by Sekoia's Threat Detection & Research (TDR) team, this adversary-in-the-middle (AiTM) phishing kit targets multi-factor authentication (MFA). Mamba 2FA has rapidly gained popularity in the phishing-as-a-service (PhaaS) market because it lets attackers bypass MFA methods that are not phishing-resistant, such as one-time passwords and push notifications.

First detected in a campaign imitating Microsoft 365 login pages, Mamba 2FA works by relaying the victim's credentials and MFA responses between the phishing page and the genuine login service, using the Socket.IO JavaScript library to communicate with a backend relay server. According to Sekoia's report, “At first, these characteristics appeared similar to the Tycoon 2FA phishing-as-a-service platform, but a closer examination revealed that the campaign utilized a previously unknown AiTM phishing kit tracked by Sekoia as Mamba 2FA.”

Mamba 2FA's infrastructure has been observed targeting Entra ID, third-party single sign-on providers and consumer Microsoft accounts, with stolen credentials transmitted directly to the attackers via Telegram for near-instant access to the compromised accounts.

A notable feature of Mamba 2FA is its ability to adapt to its targets dynamically. For enterprise accounts, the phishing page can mirror the organisation's specific login branding, including logos and background images, making the attack more believable. The report noted, “For enterprise accounts, it dynamically reflects the organization’s custom login page branding.”

Mamba 2FA goes beyond simple credential capture: it handles several MFA methods and updates the phishing page in step with the user's interactions. That flexibility makes it attractive to criminals targeting organisations that have deployed MFA. The limit of the technique is worth stating plainly: an AiTM relay defeats any factor that can be forwarded (a one-time code, a push approval), but not a phishing-resistant factor such as a FIDO2/WebAuthn security key or passkey, because that credential is bound to the genuine site's origin and cannot be replayed from a look-alike domain.

Available on Telegram for $250 per month, Mamba 2FA is accessible to a broad range of attackers. Subscribers can generate phishing links and HTML attachments on demand, with the infrastructure shared among multiple users. Since its active promotion began in March 2024, the kit's ongoing development has made it a persistent threat.

Sekoia's research underscores the kit's rapid evolution: “The phishing kit and its associated infrastructure have undergone several significant updates.” With its relay servers fronted by commercial proxy services, Mamba 2FA conceals its true infrastructure and reduces the likelihood of detection.

Is Telegram Still a Safe Messaging App? An In-Depth Look


Telegram, a popular messaging app launched in 2013 and now based in Dubai, has built a reputation for strong security. The app offers end-to-end encryption for voice and video calls and, as an optional feature, in Secret Chats, where only the sender and recipient can read the communication. Ordinary chats and all group chats, however, are encrypted only between the client and Telegram's servers, so Telegram's default protection is weaker than that of apps which encrypt end-to-end by default.

However, recent developments have raised concerns about the app. Telegram's CEO, Pavel Durov, was recently arrested and charged in France. The charges relate to illicit activities, including drug trafficking, online scams and child sexual abuse material, reportedly facilitated through the app. While the incident raises questions about the platform, it is worth separating the legal case from the app's functionality and asking what precautions users should take.

Telegram's Security Measures

When evaluating Telegram's safety, start with what is actually protected. End-to-end encryption is considered the gold standard for securing digital communications because the platform itself cannot read message content. On Telegram it is on by default for voice and video calls and can be enabled for one-to-one text messages by starting a Secret Chat. Even then, it is worth confirming the other party's key: both sides of a Secret Chat can compare the encryption key image that Telegram displays, and a mismatch means the chat is not with the person you think.

Despite these measures, Telegram is not beyond the reach of authorities. The platform has in the past been compelled to provide user data to law enforcement agencies. So while Telegram offers meaningful privacy protections, users should not assume immunity from official oversight, particularly for account metadata and for the content of ordinary chats, which Telegram holds on its servers.

Impact of the CEO's Arrest on Telegram

The arrest of Pavel Durov has undoubtedly raised eyebrows. Technology executives have rarely been held personally accountable to this extent for what users do on their platforms; the charges against Durov are linked to criminal activity conducted through Telegram, a substantial departure from the usual treatment of tech executives.

Despite these legal challenges, there is no indication that Durov's arrest will affect Telegram's core security features, including end-to-end encryption. The case concerns the misuse of the platform by third parties, not the app's technical infrastructure or its security protocols. Some influential figures, such as Elon Musk, have criticised the arrest, arguing that it is unreasonable to hold a platform owner accountable for how the platform is used.

Tips for Staying Safe on Telegram

While Telegram provides strong security features, users should remain vigilant against scams. The anonymity Telegram offers, and the trust its encryption inspires, make it an attractive platform for scammers. Be cautious with unsolicited messages, particularly from unknown contacts, and treat messages that appear to come from customer service representatives or familiar sources with scepticism until the sender's identity has been verified through another channel.

Another crucial safety tip is to avoid sharing sensitive information, such as credit card details or personal data, on Telegram, especially with strangers. Impersonation scams are increasingly sophisticated, and once your information is compromised it can cause significant harm.

Bottom line: Telegram is a reasonably secure messaging app, but users must stay alert to the risks. Its encryption provides a strong layer of protection where it is enabled, but it is not foolproof. By being cautious and informed, users can enjoy Telegram's benefits while minimising their exposure to scams and other risks.


Security Analysts Observe Massive Surge in Telegram App Downloads Following Durov Arrest

 

The arrest of Telegram creator and CEO Pavel Durov in France is beginning to have an influence on the app's popularity and position.

The founder was arrested last month for allegedly allowing illicit practices to thrive on the social media platform by failing to properly monitor posts, particularly in drug trafficking, money laundering, and the spread of child sexual abuse material (CSAM). 

Despite concerns regarding the app's content, Telegram is now experiencing a spike in downloads, propelling it to the No. 2 spot on the U.S. App Store's Social Networking charts and increasing global iOS downloads by 4%. 

Telegram's climb in the charts took some time after Durov's arrest. That may be because many people only caught up with the news after the weekend, or because third-party app store intelligence sources lag in reporting changes in rankings.

According to Appfigures, an app intelligence company, Telegram didn't rise to the No. 2 spot on the Social Networking charts on the U.S. App Store until 3 a.m. EST on Monday, suggesting that the app is just now starting to gain traction. The app had already fallen to No. 3 in Social in the U.S. as of the time of publication, so it might only be a temporary boost.

In France, the country where Durov was arrested, the app shot to the top of the App Store's Social Networking category and became the third most popular app overall. After climbing ten spots since Friday, Telegram now stands at No. 8 in the top apps chart (which excludes games), the highest position it has held there since at least January 1, 2023, according to Appfigures. Apple uses a combination of measures, including download velocity and install counts, to determine App Store rankings.

Nevertheless, the cliché "any press is good press" appears to hold true, at least for Telegram's exposure on the App Store. As consumers downloaded the app out of curiosity, or possibly to support the founder's views on "free speech", it began to rise in the rankings.

The Dual Nature of Telegram: From Protest Tool to Platform for Criminal Activity

 

Telegram, a messaging app co-founded by Pavel Durov in 2013, has become one of the world’s largest communication platforms, with over 900 million users. The app’s dual nature has recently put it in the spotlight after Durov was arrested in Paris on August 24, reportedly at the request of a special unit within France’s Interior Ministry that investigates crimes against minors. This incident has sparked renewed scrutiny of Telegram’s role in global communications. 

Initially, Telegram was created in response to the Russian government’s crackdown on pro-democracy protests in 2011 and 2012. The app’s primary selling points—encryption of communications and user anonymity—made it an attractive tool for activists worldwide. Telegram gained notoriety during the 2020 Belarus protests against a rigged presidential election, where activists used it to coordinate actions while evading government surveillance. Similarly, during Iran’s 2018 anti-government protests, Telegram was crucial for organizing and sharing uncensored information, attracting an estimated 40 million users in the country. The app’s ability to facilitate communication under oppressive regimes highlighted its potential as a tool for free expression and resistance. 

However, Telegram’s light-touch moderation has also made it a haven for criminal activity: the same encryption and anonymity appeal to drug dealers, paedophiles and those trading illegal goods. A 2019 BBC investigation found that criminals were using Telegram to distribute child sexual abuse material and stolen credit card information, often embedding links to illegal content within public comments on YouTube videos. Telegram’s relaxed policies have made it easier for users with malicious intent to exploit the platform. Telegram has also become a powerful tool for disinformation, particularly in Central and Eastern Europe. A 2023 investigative report identified the app as the largest platform for disinformation in the region, with German-language channels playing a significant role in shaping extremist opinion.

Since Russia’s invasion of Ukraine in 2022, the Kremlin and affiliated groups have increasingly used Telegram for propaganda, recruitment, and fundraising. Pro-Russian channels experienced a surge in subscribers, turning Telegram into a key communication tool for the conflict. The app’s dual role has drawn global attention, especially as Durov’s case unfolds in France. Telegram defended its stance by arguing that holding an owner responsible for all platform activities is “absurd.” 

Yet, this controversy highlights the broader challenge of balancing privacy and free speech with the need to combat illegal and harmful activities online. As authorities grapple with these issues, the future of Telegram remains uncertain, balancing its potential for good against the misuse by those with nefarious intentions.

Telegram Users Cross 900 Million, Company Plans to Launch App Store


Telegram aims to reach 1 billion users, says founder

Telegram, the popular messaging app, recently crossed 900 million active users and aims to pass the 1 billion mark within the year. According to founder Pavel Durov, the company also plans to launch an app store and an in-app browser supporting web3 pages by July.

Telegram reached 900 million users in March. Commenting on the milestone, Durov said the company wants to be profitable by 2025.

Telegram has been proactive in adopting web3 technology. The company has supported blockchain and cryptocurrency initiatives from the beginning, but its first attempt to enter the space, the 2018 initial coin offering for its own blockchain, collapsed in 2020 after action by the U.S. Securities and Exchange Commission. “We began monetizing primarily to maintain our independence. Generally, we see value in [an IPO] as a means of democratizing access to Telegram's assets,” Durov said in an interview with the Financial Times earlier this year.

Telegram and TON blockchain

Telegram started auctioning usernames on the TON blockchain in December 2022. It has emphasised helping developers build mini-apps and games that use cryptocurrency for transactions. In 2024 the company started sharing ad revenue with channel owners, paid out in Toncoin (the TON blockchain's token). In early July 2024, Telegram began allowing channel owners to convert Stars to Toncoin, which they can use to buy ads at a discount or trade for other cryptocurrencies.

Scam and Telegram

But Telegram has long suffered from scams and attacks by threat actors. According to a Kaspersky report, since November 2023 scammers have run various schemes on the platform to steal Toncoin from users. Durov says Telegram plans to improve its moderation this year, as elections take place around the world (several have already happened), and to deploy AI-based mechanisms to address potential problems.

Financial Times reported “Messaging rival WhatsApp, owned by Meta, has 1.8bn monthly active users, while encrypted communications app Signal has 30mn as of February 2024, according to an analysis by Sensor Tower, though this data only covers mobile app use. Telegram’s bid for advertising dollars is at odds with its reputation as a renegade platform with a hands-off approach to moderation, which recently drew scrutiny for allowing some Hamas-related content to remain on the platform. ”

EvilVideo Exploit: Telegram Zero-Day Vulnerability Allows Disguised APK Attacks

 

A recent zero-day vulnerability in Telegram for Android, dubbed ‘EvilVideo,’ has been exploited by attackers to send malicious Android APK payloads disguised as video files. This significant security flaw was first brought to light when a threat actor named ‘Ancryno’ started selling the exploit on June 6, 2024, on the Russian-speaking XSS hacking forum. 

The vulnerability affected Telegram for Android versions 10.14.4 and older. ESET researchers discovered the flaw after a proof-of-concept demonstration was shared on a public Telegram channel, which allowed them to analyse the malicious payload. They confirmed that the exploit worked on Telegram v10.14.4 and older and named it ‘EvilVideo.’ ESET researcher Lukas Stefanko responsibly disclosed the vulnerability to Telegram on June 26 and again on July 4, 2024. Telegram replied on July 4 that it was investigating.

Telegram patched the vulnerability in version 10.14.5, released on July 11, 2024. This timeline means threat actors had at least five weeks to exploit the zero-day before it was fixed. It remains unclear whether the flaw was exploited in the wild, but ESET shared a command and control (C2) server used by the payloads, ‘infinityhackscharan.ddns[.]net’, and BleepingComputer identified two malicious APK files on VirusTotal using that C2, masquerading as Avast Antivirus and an ‘xHamster Premium Mod.’

The EvilVideo exploit specifically targeted Telegram for Android. It let attackers send specially crafted APK files that appeared in the chat as embedded videos. ESET believes the exploit used the Telegram API to programmatically create a message in which the APK was rendered as a 30-second video preview. With media auto-download enabled, which is the default, the payload was downloaded to the recipient's device as soon as they opened the conversation.

For users who had disabled auto-download, a single tap on the video preview was enough to download the file. When the user tried to play the fake video, Telegram suggested using an external player, and tapping “Open” executed the payload. Despite the seller's claim that the exploit was “one-click”, the several taps, steps and specific settings needed for a successful attack significantly reduced the risk. ESET tested the exploit on Telegram Web and Telegram Desktop and found it did not work there, because those clients treated the payload as an MP4 video file.

Telegram’s fix in version 10.14.5 correctly shows the APK file in the preview, so recipients are no longer deceived by files masquerading as videos. Anyone who recently received a “video” on Telegram that asked to be opened in an external app should scan the device with a mobile security suite to locate and remove any malicious payload. A quick manual check is to look at the real type of anything sitting in Telegram's download folder: an APK is a ZIP archive containing AndroidManifest.xml and DEX bytecode, whereas a genuine MP4 starts with an ‘ftyp’ box, regardless of what either file is named.
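The following is an added example (not ESET's or Telegram's code) of that content-based check: it classifies a file by its bytes rather than its name and flags anything that claims to be a video but is really an Android package. The sample files are built in memory, and the default scan path is an assumption about where a Telegram Android client stores downloads.

```python
"""
Added example, not ESET's or Telegram's code: detect files received as
"videos" that are actually Android packages, the EvilVideo disguise.
Sample data is constructed in memory; ASSUMED_TELEGRAM_DIR is a guess.
"""
import io
import os
import zipfile

# Assumed download location on many Android devices; adjust for your setup.
ASSUMED_TELEGRAM_DIR = "/sdcard/Android/media/org.telegram.messenger/Telegram/Telegram Video"
MAX_SCAN_BYTES = 200 * 1024 * 1024  # skip anything larger than 200 MiB
VIDEO_EXTENSIONS = (".mp4", ".mov", ".3gp", ".m4v")


def is_iso_media(data):
    """MP4/MOV/3GP files begin with a size-prefixed 'ftyp' box."""
    return len(data) >= 12 and data[4:8] == b"ftyp"


def is_apk(data):
    """An APK is a ZIP archive carrying AndroidManifest.xml plus DEX bytecode."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return "AndroidManifest.xml" in names and any(n.endswith(".dex") for n in names)


def classify(filename, data):
    """Return (detected_type, suspicious). suspicious is True when the file
    name claims a video but the bytes say Android package."""
    if is_apk(data):
        detected = "apk"
    elif is_iso_media(data):
        detected = "video"
    else:
        detected = "unknown"
    claims_video = filename.lower().endswith(VIDEO_EXTENSIONS)
    return detected, claims_video and detected == "apk"


def scan_directory(path=ASSUMED_TELEGRAM_DIR):
    """Walk a download folder and return the paths whose bytes contradict their name."""
    hits = []
    for root, _, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            try:
                if os.path.getsize(full) > MAX_SCAN_BYTES:
                    continue
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            detected, suspicious = classify(name, data)
            if suspicious:
                hits.append((full, detected))
    return hits


def build_samples():
    """Constructed test data: a minimal fake APK and a minimal MP4 header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    fake_apk = buf.getvalue()
    fake_mp4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16
    return fake_apk, fake_mp4


if __name__ == "__main__":
    apk, mp4 = build_samples()
    print(classify("holiday.mp4", mp4))   # ('video', False)
    print(classify("holiday.mp4", apk))   # ('apk', True)
    for hit in scan_directory():
        print("suspicious:", hit)
```

Run it on a pulled copy of the download folder (for example after `adb pull`) or point `scan_directory` at any directory of received media; it reads the whole file because the ZIP central directory sits at the end, so a header-only check would miss a renamed APK.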

Ransomware Attacks on the Rise! Nearly 2900 Assaults Reported in the First Quarter of 2024

 

Ransomware attacks are growing more frequent, according to new quarterly reporting that also notes a surge in activity by Pakistan-linked APT groups ahead of the Indian elections and law-enforcement disruption of major Ransomware-as-a-Service (RaaS) operations.

The Seqrite report states that initial access brokers are selling more access to Indian corporate and government entities on underground forums. The report also counts over 2,900 disruptive actions in the first quarter of 2024 by more than 85 Telegram-based hacktivist groups, including DDoS attacks, website defacements and database dumps, and puts ransomware at roughly one attack for every 650 detections.

The findings paint a picture of increasing threats, with sophisticated attacks targeting governments, organisations and individuals alike.

The report also highlights a recent spike in attacks by Pakistan-linked APT groups such as SideCopy and APT36 (Transparent Tribe), targeting Indian government and military bodies, which is especially concerning during the elections, as well as new spear-phishing campaigns such as Operation RusticWeb and FlightNight.

A separate crimeware report by Arete notes that during Q1 law enforcement continued to put pressure on large Ransomware-as-a-Service (RaaS) operations, significantly disrupting LockBit. With LockBit and ALPHV no longer accounting for the majority of ransomware engagements, Arete saw a broader and more evenly spread threat landscape, with activity from groups such as 8Base, BianLian, Black Basta, Cactus, DragonForce, Hunters International, HsHarada, Medusa, Phobos, Rhysida and Trigona.

The trend of fewer organisations paying ransoms also persisted, with a ransom paid in 34% of Arete engagements in the first quarter of 2024. Another recent report, Cybernomics 101 by Barracuda, found that 71% of respondents had suffered a ransomware attack in the previous year, with 61% paying the ransom.

Prevention tips

The researchers consider backing up critical data the most effective way to recover from a ransomware infection, with a few conditions. Backups must be properly protected and kept offline or out of band so that attackers cannot reach them. Cloud services can help, since many retain previous versions of files, allowing you to restore an unencrypted copy. Test backups regularly to confirm they actually restore, and in the event of an attack make sure the backups themselves are not compromised before rolling back to them.

Additionally, keep all of the organisation's operating systems, applications and software up to date. Applying the latest updates closes the security gaps attackers are trying to exploit. Wherever possible, enable automatic updates so that the most recent security fixes are always in place.

Data Breach at Real America’s Voice: User Information Compromised

 


In the past few weeks SiegedSec, a hacktivist group that describes itself as “gay furry hackers”, has breached the far-right media outlet Real America’s Voice and taken its app offline. The outlet, owned by Robert Sigg and founded in 2020, hosts far-right commentators such as Steve Bannon and Charlie Kirk and has aired COVID-19 misinformation, 2020 election conspiracy theories, QAnon material and transphobic content.

The group announced the hack of the Real America's Voice app on Monday in a post to its Telegram channel.

SiegedSec says it released personal information on more than 1,200 users of the app, including full names, telephone numbers and email addresses, together with information on hosts Charlie Kirk, Steve Bannon and Ted Nugent, as part of its ongoing #OpTransRights hacktivism campaign. The group also claims to have deleted user data from the app's API and its cloud storage and to have wiped the files held there. The data reportedly deleted from the network's Amazon server included material for its top shows, including those hosted by Kirk, Bannon and Nugent. There is no information on whether SiegedSec's actions caused any permanent damage to the organisation.

The same group previously claimed a breach of a nuclear research facility, demanding that the lab devote itself to researching “cat girls”, and is responsible for the attack on River Valley Church in Burnsville, Minnesota. The #OpTransRights campaign was first launched last year, when SiegedSec attacked government websites in five states over their policies on transgender healthcare, and has recently been relaunched. As part of the relaunch, SiegedSec hacked River Valley Church on April 1 in response to anti-transgender remarks made by its pastor, and afterwards used the church's Amazon account to buy several thousand dollars' worth of inflatable sea lions (about $6,000 by the group's account). That hack exposed private prayer requests from 15,000 users of the church's website, and less than a week later SiegedSec doxed the church's pastor, Rob Ketterling.

In its Telegram message SiegedSec addressed the optics of the Real America's Voice leak. It said it had received concerns during the campaign that its actions against transphobic organisations would be used to label the LGBTQ+ community as “terrorists” and “criminals”. Its reply: “It’s important to realize that these types of people are always going to blame the LGBTQ+ community, no matter what we do. They’re going to look for ways to hate, they will not listen to reason, and they’re going to spread lies to discredit people who are different.” In Monday's statement the group again acknowledged concern that such attacks could reflect badly on the LGBTQ+ community.

Lazy Koala: New Cyber Threat Emerges in CIS Region

 

Cybersecurity researchers at Positive Technologies Expert Security Center (PT ESC) recently uncovered a new threat actor they've named Lazy Koala. Despite lacking sophistication, this group has managed to achieve significant results.

The report reveals that Lazy Koala is targeting enterprises primarily in Russia and six other Commonwealth of Independent States countries: Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Their victims belong to government agencies, financial institutions, and educational establishments. Their primary aim is to acquire login credentials for various services.

According to the researchers, nearly 900 accounts have been compromised so far. The purpose behind the stolen information remains unclear, but it's suspected that it may either be sold on the dark web or utilized in more severe subsequent attacks.

The modus operandi of Lazy Koala involves simple yet effective tactics. They employ convincing phishing attacks, often written in the victims' native languages, to lure targets into downloading and executing attachments. These attachments carry basic password-stealing malware. The stolen files are then exfiltrated through Telegram bots; the individual managing these bots has been dubbed Koala, hence the group's name.

Denis Kuvshinov, Head of Threat Analysis at PT ESC, describes Lazy Koala's approach as "harder doesn't mean better." Despite their avoidance of complex tools and tactics, they manage to accomplish their objectives. Once the malware establishes itself on a device, it utilizes Telegram, a preferred tool among attackers, to exfiltrate stolen data.
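Because a bot-based stealer like this one has to call the Telegram Bot API from the victim's network, outbound proxy logs are a natural place to detect it. The following is an added example written for this page, not PT ESC's or any vendor's tooling: it scores constructed proxy log lines by URL shape, API method, bytes sent and user agent, and never stores the secret half of a bot token. The log format, bot ids and tokens are all constructed placeholders.

```python
"""Flag Telegram Bot API exfiltration in outbound web-proxy logs (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>,
# where the token is "<numeric bot id>:<secret>". A stealer that ships files via
# a bot must hit these URLs, which makes them a useful egress detection point.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})"
    r"/(?P<method>[A-Za-z]+)"
)

# Methods that push content out of the network; getMe/getUpdates are just polling.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMessage", "sendMediaGroup", "sendVideo"}

# Constructed proxy-log format (an assumption, not any real product's format):
# <iso-timestamp> <client-ip> <http-verb> <url> <status> <bytes-sent> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<verb>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) '
    r'(?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)

LARGE_UPLOAD_BYTES = 10_000  # larger than any chat message: likely a file upload


@dataclass
class Finding:
    timestamp: str
    src_ip: str
    bot_id: str          # numeric id only; the secret half of the token is never kept
    method: str
    score: int
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one proxy log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def score_request(rec: dict) -> Optional[Finding]:
    """Score one parsed request; None when it is not a Telegram Bot API call."""
    api = BOT_API_RE.search(rec["url"])
    if not api:
        return None
    reasons, score = [], 0
    if api["method"] in UPLOAD_METHODS:
        reasons.append(f"upload method {api['method']}")
        score += 2
    if int(rec["bytes"]) > LARGE_UPLOAD_BYTES:
        reasons.append(f"{rec['bytes']} bytes sent")
        score += 1
    if not rec["ua"].startswith("Mozilla/"):      # scripts, not browsers, drive bots
        reasons.append(f"non-browser user agent {rec['ua']!r}")
        score += 1
    return Finding(rec["ts"], rec["src"], api["bot_id"], api["method"], score, reasons)


def find_exfiltration(lines, threshold: int = 2) -> List[Finding]:
    """Run the scoring over a log and keep findings at or above the threshold."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = score_request(rec)
        if f and f.score >= threshold:
            findings.append(f)
    return findings


# Constructed sample log; the bot ids and tokens are made-up placeholder values.
SAMPLE_LOG = [
    '2024-03-12T09:14:55Z 10.0.4.17 GET https://web.telegram.org/a/ 200 812 "Mozilla/5.0 (Windows NT 10.0) Firefox/123.0"',
    '2024-03-12T09:15:02Z 10.0.4.17 GET https://api.telegram.org/bot0000000001:PLACEHOLDERTOKENxxxxxxxxxxxxxxxx/getMe 200 144 "python-requests/2.31.0"',
    '2024-03-12T09:15:03Z 10.0.4.17 POST https://api.telegram.org/bot0000000001:PLACEHOLDERTOKENxxxxxxxxxxxxxxxx/sendDocument 200 48213 "python-requests/2.31.0"',
    '2024-03-12T09:15:04Z 10.0.4.17 POST https://api.telegram.org/bot0000000001:PLACEHOLDERTOKENxxxxxxxxxxxxxxxx/sendMessage 200 611 "python-requests/2.31.0"',
    '2024-03-12T09:16:10Z 10.0.4.23 POST https://api.telegram.org/bot0000000002:PLACEHOLDERTOKENyyyyyyyyyyyyyyyy/getUpdates 200 93 "Mozilla/5.0 (X11; Linux) Chrome/122.0"',
]

if __name__ == "__main__":
    for f in find_exfiltration(SAMPLE_LOG):
        print(f"{f.timestamp} {f.src_ip} bot {f.bot_id} {f.method}: "
              f"score {f.score} ({'; '.join(f.reasons)})")
```

On the sample log only the sendDocument and sendMessage calls from 10.0.4.17 are flagged; the getMe probe from the same script scores 1 and stays below the threshold, which is the kind of tuning decision a real deployment would revisit.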

PT ESC has notified the victims of these attacks, warning that the stolen information is likely to be sold on the dark web.

Telegram Emerges as Hub for Cybercrime, Phishing Attacks as Cheap as $230

Cybersecurity experts raise alarms as Telegram becomes a hotspot for cybercrime, fueling the rise of phishing attacks. This trend facilitates mass assaults at a shockingly low cost, highlighting the "democratization" of cyber threats. In a recent development, cybersecurity researchers shed light on the democratization of the phishing landscape, courtesy of Telegram's burgeoning role in cybercrime activities. 

This messaging platform has swiftly transformed into a haven for threat actors, offering an efficient and cost-effective infrastructure for orchestrating large-scale phishing campaigns. Gone are the days when sophisticated cyber attacks required substantial resources. Now, malevolent actors can execute mass phishing endeavours for as little as $230, making cybercrime accessible to a wider pool of perpetrators. 

The affordability and accessibility of such tactics underscore the urgent need for heightened vigilance in the digital realm. Recent revelations regarding Telegram's involvement in cybercrime underscore a recurring issue with the platform's lenient content moderation policies. Experts emphasize that Telegram's history of lax moderation has fostered a breeding ground for various illicit activities, including the distribution of illegal content and cyber attacks. 

Criticism has been directed at Telegram in the past for its failure to effectively address issues such as misinformation, hate speech, and extremist content, highlighting concerns about user safety. With cyber threats evolving and the digital landscape growing more complex, the necessity for stringent moderation measures within platforms like Telegram becomes increasingly urgent. 

However, balancing user privacy with security poses a significant challenge, given the platform's encryption and privacy features. As discussions continue, Telegram and similar platforms must prioritize user safety and implement effective moderation strategies to mitigate risks effectively. 

"This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights, creating a dark and well-oiled supply chain of tools and victims' data," Guardio Labs threat researchers Oleg Zaytsev and Nati Tal reported. 

Furthermore, they added that "free samples, tutorials, kits, even hackers-for-hire – everything needed to construct a complete end-to-end malicious campaign." The company also described Telegram as a "scammers paradise" and a "breeding ground for modern phishing operations." 

In April 2023, Kaspersky revealed that phishers are using Telegram to teach and advertise malicious bots. One such bot, Telekopye (aka Classiscam), helps create fake web pages, emails, and texts for large-scale phishing scams. Guardio warns that Telegram offers easy access to phishing tools, some even free, facilitating the creation of scam pages. 

These kits, along with compromised WordPress sites and backdoor mailers, enable scammers to send convincing emails from legitimate domains, bypassing spam filters. Researchers stress the dual responsibility of website owners to protect against exploitation for illicit activities. 

Telegram offers professionally crafted email templates ("letters") and bulk datasets ("leads") for targeted phishing campaigns. Leads are highly specific and are sourced from cybercrime forums or fake survey sites. Stolen credentials are monetized through the sale of "logs" to other criminal groups, yielding high returns: social media accounts may sell for $1, while banking details can fetch hundreds. With minimal investment, anyone can launch a significant phishing operation.

Decrypting the Threat: Telegram's Dark Markets and the Growing Menace of Phishing Networks


In the last few years, social media has gradually become a one-stop shop for scammers. With easily available information, scammers are able to hand-pick their target and create a customized scam for them.

Telegram is one such platform, and it has emerged as a hub for everything a scammer might need to build the perfect scam. Information that was once hidden on the dark web is now readily and publicly available on Telegram, much of it free to access. 

From instructional guides and phishing kits to the services of hackers for hire, this application has increasingly become a comprehensive hub, providing scammers with everything they might require for their illicit activities.

For a newcomer, it is astonishing to see how easy it is to find these marketplaces on Telegram, which were previously deep inside Tor Onion networks. Messages flow incessantly, unveiling an array of products, services, tips, and tricks—knowledge that was once exclusive to the depths of the dark web is now readily accessible. 

One of the best-known examples of such a scam is the "Bank of America" phishing page, which was circulated in the US. This scam was built to extract the bank account details of potential targets, which were then sold on to higher-level players. 

The scammers higher up the chain, who extract cash from these accounts, operate at a more complex level of illicit activity. This is precisely where the orchestrated network of the scammer's supply chain comes into play. 

Planning a scheme as elaborate as this involves assembling several essential elements: 

Firstly, the foundation lies in crafting a sophisticated phishing web page, often termed a "scam page." To deploy this page seamlessly, a dependable hosting solution is indispensable. An effective email-sending system is then required to initiate the deceptive process. Crafting a compelling email message, strategically designed to lure victims to the scam page, serves as another crucial element. The acquisition of targeted email addresses, known as "Leads," becomes pivotal for precision targeting. Unsurprisingly, there is a separate marketplace that is solely focused on gathering data of potential targets through malicious websites, surveys and pop-up emails offering discounts and free rewards. 
 
Lastly, a mechanism for monetizing the stolen credentials completes the construction. Notably, all these necessary building blocks are readily available on Telegram, with some offered at remarkably low prices, and astonishingly, certain elements are even accessible for free. This holistic approach underscores the alarming accessibility and affordability of these illicit tools within the Telegram ecosystem. 

After analyzing the scam creation process, it's evident that phishing scams exploit compromised security on legitimate websites.

Owners of such sites bear a dual responsibility of safeguarding their business interests and preventing their platforms from being exploited by scammers. This includes protecting against the hosting of phishing operations, sending deceptive emails, and other illicit activities that may occur without their knowledge. Vigilance and proactive measures are essential to ensure the integrity and security of online platforms.

Rise of OLVX: A New Haven for Cybercriminals in the Shadows


OLVX has emerged as a new cybercrime marketplace, quickly gaining a loyal following of customers seeking tools for online fraud and cyberattacks against other websites. Its launch follows a recent trend of cybercrime marketplaces increasingly being hosted on the clearnet rather than the dark web, which lets a far wider range of users reach them and allows them to be promoted through search engine optimization (SEO). 

Research by ZeroFox discovered a new underground market, OLVX (olvx[.]cc), advertising a wide variety of hacking tools for illicit purposes. 

Researchers at ZeroFox, who detected OLVX at the end of July 2023, have noted a marked increase in activity on the new marketplace in the fall, noticing that both buyers and sellers are increasing their activity on the marketplace. 

OLVX has offered threat actors several illicit tools and services since its launch on July 1, 2023. Unlike other markets, it focuses on providing cybercriminals with tools they can take advantage of during the 2023 holiday peak season in retail. 

ZeroFox found that OLVX marketplace activity spiked significantly in fall 2023 due to more items selling on the marketplace, and buyers rushing to the new store to purchase those items. OLVX is estimated to be the result of leaked OLUX code from 2020/2021, according to an investigation. 

Post-leak stores use improved versions of the OLUX code, even though the original OLUX code is outdated. For better accessibility and hosting, OLVX hides its website behind Cloudflare. To grow its customer base, OLVX does not rely on the dark web; instead, it uses SEO and forums.

For customer support, OLVX runs a Telegram channel. The operation's reputation and earnings are boosted by strong relationships with its customers. Unlike most other markets of this nature, OLVX does not rely on an escrow service to protect funds.

Instead, it offers a "deposit to direct payment" system which supports Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money as cryptocurrencies. By doing this, users are encouraged to spend more, because funds are always available, so browsing leads to more frequent purchases for the user. 

To maintain privacy and security, customers running low on funds are advised to "top off" their accounts using time-limited anonymous cryptocurrency addresses. During the holiday season, OLVX and similar marketplaces thrive as cybercriminal hubs, supplying tools for targeting campaigns during the colder months. 

On the site, OLVX offers hosting via Cloudflare and advertises DDoS protection through Simple Carrier LLC, a substandard hosting provider. Consumers are increasingly putting their security at risk as they shop. 

OLVX is one of the leading tools criminals use during the holiday season, the time of year when they run their heists. Due to the unique nature of the platform, the quality and validity claims above cannot be independently verified; however, users believe that OLVX's rising popularity and established reputation lend credibility to most of them. 

Interestingly, ZeroFox indicates that fraudulent activity on the platform increases as the holiday shopping season approaches, which means buyers should maintain heightened vigilance to avoid scams and identify fraud.

Data Theft Alert: Malicious Python Packages Exposed – Stay Secure


Researchers have observed growing complexity in a malicious campaign that has pushed hundreds of info-stealing packages to open-source platforms over the past six months, with approximately 75,000 downloads recorded. 

Checkmarx's Supply Chain Security team has been monitoring the campaign since it started at the beginning of April. Analysts discovered 272 packages with code intended to steal confidential information from systems that have been targeted by this campaign. 

There has been a significant evolution of the attack since it was first identified. The authors of the packages have started integrating increasingly sophisticated obfuscation layers and detection-evading techniques to attempt to prevent detection. 

Over time, the campaign's info stealer has evolved from humble beginnings into a powerful tool capable of stealing information from a wide range of applications. 

Crypto and Data Theft 

As the researchers point out, "the Python ecosystem started showing a pattern of behaviour in early April 2023." For example, the "__init__.py" file was found to run its payload only after confirming that it was on a real target system rather than in a virtualized environment, the usual sign of a malware analysis host, according to the researchers. 

The malware checks for the presence of antivirus software on the compromised endpoint and then searches for task lists, Wi-Fi passwords, system information, credentials, browsing history, cookies, and payment information saved in the browser, as well as cryptocurrency data from wallet apps, Discord badges, phone numbers, email addresses, Minecraft data, and Roblox data. Additionally, it takes screenshots of any data it considers important and uploads them directly. 

Aside from that, the malware takes screenshots of the compromised system and steals individual files, such as those in the Desktop, Pictures, Documents, Music, Videos, and Downloads directories. 

In addition, the malware constantly monitors the victim's clipboard for cryptocurrency addresses and swaps them with the attacker's address to divert payments to wallets the attacker controls. 

Approximately $100,000 worth of cryptocurrency is estimated to have been directly stolen by this campaign, according to the analysts. 

An Analysis of The Attack's Evolution 

In the April packages, the malicious code was easy to identify because it was plain text, as reported by the researchers. In May, the researchers noticed that the authors had added multilayered obfuscation to two of the packages to hinder analysis. 

By August, a researcher noted that many packages now carried multi-layer encryption. Two of the most recent packages examined by Checkmarx researcher Yehuda Gelb use at least 70 layers of obfuscation, as noted in a separate report. 

Also in August, the malware developers announced plans for a feature to disable antivirus software, added Telegram to the list of targeted applications, and introduced a fallback mechanism for data exfiltration. 

Supply chain attacks still carry many risk factors, according to the researchers: threat actors upload malicious packages daily to widely used version control systems such as GitHub and to package repositories such as PyPI and npm. 

To protect themselves, users should carefully scrutinize the trustworthiness of the projects and packages they depend on and be vigilant against typosquatted package names.
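The typosquatting check the researchers recommend can be automated against a dependency list. The following is an added example, not Checkmarx's tooling or any project's code: it normalizes names the way PyPI does (PEP 503), then flags names that are one edit or one adjacent swap away from a known package, that drop a separator, or that bolt a "py"/"python" affix onto a real name. The allow-list and the requirements file are constructed samples.

```python
"""Flag lookalike dependency names in a requirements file (added example)."""
import re
from typing import Dict, Iterable, List, Optional

# Constructed allow-list (real package names, but the list itself is ours);
# in practice use a curated internal list or a vetted popular-packages dataset.
KNOWN_PACKAGES = {
    "requests", "urllib3", "colorama", "pillow", "python-dateutil",
    "beautifulsoup4", "cryptography", "setuptools",
}

# Affixes squatters bolt onto a real name ("py-requests", "requests3").
SQUAT_PREFIXES = ("python-", "py-", "py")
SQUAT_SUFFIXES = ("-python", "-py", "3")

# Leading project name of a requirement line ("Pillow~=10.0" -> "Pillow").
REQ_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalization: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def dl_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: an adjacent
    swap such as 'reqeusts' -> 'requests' costs 1, not 2."""
    prev2: Optional[List[int]] = None
    prev1 = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev1[j] + 1, cur[j - 1] + 1, prev1[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)   # transposition
        prev2, prev1 = prev1, cur
    return prev1[len(b)]


def lookalike_reason(name: str, known: Iterable[str] = KNOWN_PACKAGES) -> Optional[str]:
    """Explain why `name` resembles a known package; None if known or unrelated."""
    n = normalize(name)
    known_norm = {normalize(k) for k in known}
    if n in known_norm:
        return None
    for k in sorted(known_norm):
        if n == k.replace("-", ""):
            return f"separator stripped from '{k}'"
        if any(n == p + k for p in SQUAT_PREFIXES) or any(n == k + s for s in SQUAT_SUFFIXES):
            return f"affix added to '{k}'"
        if dl_distance(n, k) == 1:
            return f"one edit away from '{k}'"
    return None


def audit_requirements(text: str, known: Iterable[str] = KNOWN_PACKAGES) -> Dict[str, str]:
    """Map each suspicious requirement name to the reason it was flagged."""
    flagged: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        m = REQ_NAME_RE.match(line)
        if not m:
            continue
        reason = lookalike_reason(m.group(1), known)
        if reason:
            flagged[m.group(1)] = reason
    return flagged


# Constructed requirements file mixing legitimate pins with lookalike names.
SAMPLE_REQUIREMENTS = """\
# pinned deps (constructed sample)
requests==2.31.0
reqeusts>=2.0
Pillow~=10.0
python-dateutil
pythondateutil
colourama
beautifulsoup
py-cryptography
numpy
"""

if __name__ == "__main__":
    for pkg, why in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg}: {why}")
```

Names that are neither known nor lookalikes (numpy in the sample) are left alone here; a stricter policy would treat anything outside the allow-list as needing review.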

Casinos in Southeast Asia are Encouraging Cybercrime Boom

Mr. Big has a problem. He wants to move what he calls his "fraud funds" back to China, but restrictions are preventing him from doing so. 

Mr. Big, obviously not his real name, posted an ad to his Telegram channel. In exchange for a 10% cut, he was looking for a "group of smuggling teams" to "complete the final conversion" of the stolen money by smuggling gold and precious stones into southern China through Myanmar.

While it is still unclear whether Mr. Big succeeded in his plans, his ad has now been deleted and when the infamous investigative newsroom ProPublica tried to contact him, they were unable to get in touch with him. However, the website where he posted his advertisement reveals a lot about the reasons why Americans and individuals all over the world have been the subject of a massive wave of fraud that originated in Southeast Asia and is only now starting to be understood on a much larger scale.

In a recent investigation, Singapore police seized more than $2 billion in a money laundering case involving a syndicate with alleged ties to organized crime, including "scams and online gambling."

The Telegram channel that contained Mr. Big's request for help was a Chinese-language forum that provided access to "white capital"—cash that has been laundered—and that was "guaranteed" by a casino owner in Myanmar, Fully Light Group. This operator claims to make sure that agreements made on the site are carried out.

Fully Light also has its own Telegram channels advertising similar services. One such channel has around 117,000 participants and features advertisements for cryptocurrency swaps into "pure white" Chinese renminbi or "white capital" Singaporean dollars.

Casinos clearly play a further role in such dealings. According to new research by the United Nations Office on Drugs and Crime, a large number of casinos and other gambling operators in Southeast Asia have become a central part of the underground banking system that serves organized criminal groups. The research has not yet been officially published. 

A report by UNODC notes that there are currently more than 340 physical casinos in Southeast Asia, along with several online gambling operators, that facilitate the growing infiltration of organized crime.  

Top 5 Ways to Encrypt Your Internet Traffic for Enhanced Security


Encryption involves converting data into a format that is unreadable without the corresponding decryption key, thereby bolstering security and preventing unauthorized access.

Securing your internet connection with encryption is indeed possible, but it necessitates a multi-pronged strategy. Here are five approaches to encrypting your internet traffic:

1. Utilize a Private Browser:

Your browser serves as the primary gateway to the internet. If it doesn't shield you from tracking, other security measures won't be as effective. The Tor Browser stands out as a truly private option. It redirects traffic through a series of relays, encrypting it at each step. While it's indispensable for privacy-conscious tasks, its speed may be a limitation for everyday use. In such cases, browsers like Brave or Firefox, while not as robust as Tor, offer enhanced privacy and tracking protection compared to mainstream options like Chrome or Microsoft Edge.

2. Employ a VPN:

The use of a Virtual Private Network (VPN) is recommended, especially when combined with browsers other than Tor. A VPN enhances privacy and complicates efforts to track online activities. However, not all VPN providers are equal. It's crucial to choose one with robust encryption, a strict no-logs policy, protection against DNS leaks, a kill-switch feature, and reliable performance. Ensure thorough testing after selection, and extend VPN use to all devices, not just computers.

3. Embrace Encrypted Messaging Apps:

While a secure browser and VPN are crucial, using an encrypted messaging app is equally important. Opt for apps with end-to-end encryption, ensuring only the sender and recipient can read messages. Signal is highly recommended due to its reputation and emphasis on user privacy. Telegram offers a good alternative, especially for those seeking social features. WhatsApp, despite being owned by Meta, also provides end-to-end encryption and is more secure than many mainstream messaging apps.

4. Switch to an Encrypted Email Provider:

Email services from major companies like Google, Microsoft, and Yahoo collect substantial amounts of user data. By using their services, you not only contribute to Big Tech profits but also expose yourself to potential risks. Consider migrating to an encrypted email provider, which typically offers superior encryption, advanced security measures, and a focus on user privacy. While some advanced features may require payment, providers like ProtonMail, Tutanota, and Mailfence enjoy excellent reputations.

5. Invest in Encrypted Cloud Storage:

File storage plays a crucial role in internet traffic encryption, especially with the widespread use of cloud storage for personal data. Opt for providers offering end-to-end encryption and robust security practices. While numerous options are available, paid encrypted cloud storage services like Icedrive, pCloud, Tresorit, and Proton Drive provide reliable and secure solutions. Free options are scarce due to the substantial costs associated with providing this level of security and infrastructure.

By implementing these measures, you can significantly enhance the encryption of your internet traffic and fortify your overall cyber infrastructure. Additionally, consider local encryption and encrypting your entire hard drive for added security.

Secure Messaging Apps: A Safer Alternative to SMS for Enhanced Privacy and Cybersecurity


The Short Messaging Service (SMS) has been a fundamental part of mobile communication since the 1990s when it was introduced on cellular networks globally. 

Despite the rise of Internet Protocol-based messaging services with the advent of smartphones, SMS continues to see widespread use. However, this persistence raises concerns about its safety and privacy implications.

Reasons Why SMS Is Not Secure

1. Lack of End-to-End Encryption

SMS lacks end-to-end encryption, with messages typically transmitted in plain text. This leaves them vulnerable to interception by anyone with the necessary expertise. Even if a mobile carrier employs encryption, it's often a weak and outdated algorithm applied only during transit.

2. Dependence on Outdated Technology

SMS relies on Signaling System No. 7 (SS7), a set of signalling protocols developed in the 1970s. This aging technology is highly insecure and susceptible to various cyberattacks. Instances of hackers exploiting SS7 vulnerabilities for malicious purposes have been recorded.

3. Government Access to SMS

SS7 security holes have not been adequately addressed, potentially due to government interest in monitoring citizens. This raises concerns about governments having the ability to read SMS messages. In the U.S., law enforcement can access messages older than 180 days without a warrant, despite efforts to change this.

4. Carrier Storage of Messages

Carriers retain SMS messages for a defined period, and metadata is stored even longer. While laws and policies aim to prevent unauthorized access, breaches can still occur, potentially compromising user privacy.

5. Irreversible Nature of SMS Messages

Once sent, SMS messages cannot be retracted. They persist on the recipient's device indefinitely, unless manually deleted. This lack of control raises concerns about the potential exposure of sensitive information in cases of phone compromise or hacking.

Several secure messaging apps provide safer alternatives to SMS:

1. Signal
 
Signal is a leading secure messaging app known for its robust end-to-end encryption, ensuring only intended recipients can access messages. Developed by the non-profit Signal Foundation, it prioritizes user privacy and does not collect personal data.

2. Telegram

Telegram offers a solid alternative to SMS. While messages are not end-to-end encrypted by default, users can enable Secret Chats for enhanced security. This feature prevents forwarding and limits access to messages, photos, videos, and documents.

3. WhatsApp

Despite its affiliation with Meta, WhatsApp is a popular alternative with billions of active users. It employs end-to-end encryption for message security, surpassing the safety provided by SMS. It's available on major platforms and is widely used among contacts.

In conclusion, SMS is not a recommended option for individuals concerned about personal cybersecurity and privacy. While it offers convenience, its security shortcomings are significant. 

Secure messaging apps with end-to-end encryption are superior alternatives, providing a higher level of protection for sensitive communications. If using SMS is unavoidable, caution and additional security measures are advised to safeguard information.

Hackers Attack Telegram With DDoS After Targeting Microsoft and X


Anonymous Sudan has launched a distributed denial-of-service (DDoS) attack against Telegram in response to the messaging platform's decision to deactivate its principal account, according to threat intelligence firm SOCRadar. 

Anonymous Sudan, claiming to be a hacktivist group motivated by political and religious concerns, carried out DDoS attacks against organisations in Australia, Denmark, France, Germany, India, Israel, Sweden, and the United Kingdom. 

The group has been active since the beginning of the year, and on January 18, it launched its Telegram channel, proclaiming its intention to undertake cyberattacks against any entity that opposes Sudan. The group's operations began with the targeting of many Swedish websites. 

However, in June, Microsoft 365, Outlook, Microsoft Teams, OneDrive for Business, and SharePoint Online were the targets of a string of disruptive DDoS attacks launched by Anonymous Sudan, which quickly gained attention. Microsoft's Azure cloud computing platform was also impacted. Microsoft, which tracks the group as Storm-1359, confirmed DDoS attacks were the cause of the interruption after Anonymous Sudan boasted about the strike on its Telegram channel. 

With the goal of forcing Elon Musk to launch the Starlink service in Sudan, the organisation carried out a disruptive DDoS attack against X (formerly Twitter) in late August. The hacktivists' primary Telegram channel has been temporarily moved, and the attack on Telegram, which had a different objective from the group's usual operations, failed to accomplish its goal. 

Uncertainty around the ban on Telegram has led the threat intelligence company to speculate that it may be connected to recent attacks on X or the use of bot accounts. Current DDoS and defacement operations are being carried out by the Anonymous Sudan group, which may not be based in Sudan and may actually have connections to the Russian hacking collective KillNet, according to previous reports from SOCRadar and Truesec. 

The group doesn't request the support of pro-Islamic organisations, only communicates with Russian hackers, and mostly posts in English and Russian rather than Arabic. The campaigns that have been noticed also have no connection to political issues regarding Sudan. 

The group also doesn't seem to be associated with the original Anonymous Sudan hacktivists, who first showed up in Sudan in 2019, or with Anonymous, the decentralised, anti-political hacktivist movement.

Threat of Fake Signal and Telegram Apps: Protecting Your Privacy and Security

In today’s digital age, the use of messaging apps has become an integral part of our daily lives. Apps like Signal and Telegram have gained immense popularity due to their focus on privacy and security. 

However, with the rise in popularity of these apps, there has also been an increase in the number of fake apps that pose as extensions or premium versions of these popular messaging platforms. 

In this blog post, we will discuss the recent discovery of fake Signal and Telegram apps that have been found to sneak malware into thousands of Android phones.

The Discovery

Researchers at the cybersecurity firm ESET recently discovered fake apps in the Google and Samsung app stores that posed as extensions or premium versions of the popular messaging platforms Signal and Telegram. 

These malicious apps, called Signal Plus Messenger and FlyGram, were designed to steal user data. When users took certain actions, these fake apps could pull sensitive information from legitimate Signal and Telegram accounts, including call logs, SMS messages, locations and more.

The Implications

By stealing sensitive information from legitimate Signal and Telegram accounts, these malicious apps can compromise the privacy and security of users’ conversations. 

This can lead to identity theft, financial fraud, and other forms of cybercrime. It is therefore important for users to be vigilant when downloading apps from app stores and to only download apps from trusted sources.