Malware found in Telegram 'alternative' – cybersecurity firm
MANILA, Philippines – Cybersecurity firm Kaspersky Labs found malware in an app presenting itself as an alternative to popular messaging app Telegram circulating in Central Asia, Kaspersky said in a statement on Monday, October 22.
The app surfaces in light of a possible ban of Telegram in the region, with attackers seeking to embed their malware as users attempt to find Telegram alternatives. Once the fake Telegram-like app is installed, a trojan called Octopus is installed, which provides attackers with remote access to a victim's device.
"Once activated, the Trojan gave the actors behind the malware opportunities to perform various operations with data on the infected computer, including, but not limited to, deletion, blocks, modifications, copying and downloading. Thus, the attackers were able to spy on victims, steal sensitive data and gain backdoor access to the systems," Kaspersky explained.
Kaspersky links the scheme to a Russian-speaking cyber-espionage group called DustSquad, having found similarities in software code between this current campaign and previous ones.
DustSquad operations have been previously detected in former USSR countries in Central Asia and Afghanistan since 2014, Kaspersky said.
While this recent scheme targets Central Asian diplomatic organizations, Kaspersky said that in the past two years, they have seen 4 such campaigns with customer Android and Windows malware that targets private users too.
The method is an example of social engineering, and highlights how hacking groups may take advantage of real-world situations – in this case, a potential Telegram ban – to devise a way into people's devices and spy on them. While this particular campaign is taking place in Central Asia, it is not far from the realm of possibility for this scheme to be applied in other parts of the world, and for apps to disguise themselves as a popular program.
Kaspersky security researcher Denis Legezo advises people to be vigilant about what apps are installed on a system. Companies should also educate staff regarding digital hygiene, and to not download apps from untrusted sources. – Rappler.com