An application posing as the Signal messenger could be downloaded from the Play Store and Samsung’s mobile store. This malicious app could intercept messages sent by users.
Signal Plus Messenger: if this application is on your Android smartphone, you should remove it immediately. ESET security researchers have determined that it was malicious software whose purpose is to monitor users’ messages. Developed by the China-linked GREF hacker group, the malware specifically targeted the Uighur community, persecuted by the Chinese government.
Hackers who are not first-timers
The app was available on the Play Store before Google took it down. More worrying, it is still present on the Galaxy Store even though ESET warned Samsung in May. Signal Plus Messenger reuses the Signal interface and works the same way.
The official messenger allows users to link the mobile app to their iPad or PC. Signal Plus Messenger exploited this feature by automatically connecting the compromised device to the hacker’s Signal, all without the legitimate user knowing anything about it. As a result, all messages passing through the malicious app were forwarded to the hacker’s account.
According to Lukas Stefanko, who uncovered the scheme, this is the first documented case of espionage on Signal using a secret automatic linking system. The malware developers not only found a way to monitor communications via Signal, but also tricked two of the biggest tech companies in the world. Rather disturbing…
Meredith Whittaker, president of Signal, also thanked Google for having removed the fake application: “We hope that [Google] will do more in the future to avoid these scams on their platform.” She urges Samsung to do what is necessary.
The GREF hackers are also behind another malicious application that impersonated a legitimate one: Flygram, which imitated Telegram and was distributed on the Play Store and the Galaxy Store.
Source: Forbes