image credit: Unsplash

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store

ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF.

Most likely active since July 2020 and since July 2022, respectively for each malicious app, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites posing as legitimate encrypted chat applications — the malicious apps are FlyGram and Signal Plus Messenger.

Read More on Help Net Security