Fake Telegram Apps Infect 60k Phones With Spyware

Keira Waddell, Senior Writer. Published on 13th September 2023.

Malicious actors have successfully distributed counterfeit versions of Telegram on Google Play targeting Chinese users, infecting over 60,000 Android phones with spyware. Data such as user messages and contact lists were stolen. These deceptive applications were uncovered by Kaspersky, which presented them in a report.

The apps masqueraded as faster versions of Telegram. However, while much of the code is exactly the same as Telegram, there are extra functions to steal user data. Messages received by the user are immediately copied and sent straight to the attacker’s server, along with the chat title and ID, and the sender’s name and ID. The user’s contact list, username, ID, and phone number are also collected and monitored by the spyware.

Google has since taken the offending apps off the Play Store, and stated the following to BleepingComputer: “We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. All of the reported apps have been removed from Google Play and the developers have been banned. Users are also protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services.”

In a similar vein, ESET warned last month of another two malicious messaging apps that were promoted as more feature-rich versions of Signal and Telegram. These were named Signal Plus Messenger and FlyGram. Signal Plus Messenger was available on the Play Store from July 2022, accumulating around 100 downloads before removal. FlyGram had been downloaded 5,000 times since its June 2020 Play Store launch and was available for nearly a year.

The malicious apps used open-source code from Signal and Telegram, closely resembling the legitimate apps. However, the apps embedded BadBazaar, an espionage tool linked to previous attacks on Uyghurs and Turkic minorities. ESET speculates that a China-aligned hacking group, identified as GREF, may be behind this particular campaign.

If you have Signal Plus Messenger or FlyGram on your Android device, immediate action is necessary. Uninstall these apps to safeguard your personal information.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.