An infected version of Telegram is spreading on the dark web to spy on Android users


    ESET researchers have said that the StrongPity APT group is attacking Android users with a trojanized version of the Telegram app, which is distributed through a fake website that mimics Shagle's video chat service.

    The cyber-espionage group StrongPity (also known as APT-C-41 and Promethium) has been active since at least 2012 and targets victims in Syria, Turkey, Africa, Asia, Europe and North America.

    In the discovered campaign, the attackers distribute a backdoor to Android users that can:

    • record phone calls;
    • track the location of the device;
    • view SMS messages, the call log, contacts and files;
    • collect incoming messages from social networks and email clients (for this, the application requests the Accessibility Services permission);
    • download additional components from a remote command and control (C&C) server.

    The infected version of Telegram was made available for download on February 25, 2022. The malicious domain was registered on the same day. The fake Shagle website is no longer active, and the lack of telemetry data indicates that this activity is highly targeted.

    Notably, the fake version of Telegram uses the same package name as the real app. As a result, installation of the malicious version fails on a device where the legitimate Telegram application is already installed.

    According to ESET experts, either the attacker first communicates with the potential victim and convinces them to remove Telegram, or the hackers focus on countries where Telegram is rarely used.

    Earlier, in 2021, StrongPity distributed Android malware through the Syrian Government Electronic Portal. This was the first known use of Android malware by the group.
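
    The package-name detail above gives defenders a check to run before a sideloaded APK reaches a device: Android refuses to install an APK over an existing app with the same package name when the signing certificates differ, so an APK that claims a known package name but carries an unpinned signer is an impersonation. The following is an added example, not code from ESET or the original article; it classifies the text output of `aapt dump badging` and `apksigner verify --print-certs`, and the pinned digest and sample outputs are constructed placeholders.

```python
import re

# Assumption: digests pinned from a trusted copy of each app. This value is a
# constructed placeholder, not Telegram's real signing-certificate digest.
PINNED = {"org.telegram.messenger": {"aa" * 32}}

# First line of `aapt dump badging <apk>` carries the package name.
PKG_RE = re.compile(r"^package: name='([^']+)'", re.M)
# `apksigner verify --print-certs <apk>` prints one digest line per signer.
SIG_RE = re.compile(r"certificate SHA-256 digest: ([0-9a-fA-F]{64})")


def classify(badging, certs, pinned=PINNED):
    """Return 'trusted', 'impersonation', 'unknown-package' or 'unparsable'."""
    pkg = PKG_RE.search(badging)
    signers = {d.lower() for d in SIG_RE.findall(certs)}
    if not pkg or not signers:
        # Unsigned APK or truncated tool output: treat as suspect, not as clean.
        return "unparsable"
    expected = pinned.get(pkg.group(1))
    if expected is None:
        return "unknown-package"
    # Every signer must be pinned; a single unknown signer is a mismatch.
    return "trusted" if signers <= expected else "impersonation"


# Constructed sample tool output (not taken from any real APK).
BADGING = "package: name='org.telegram.messenger' versionCode='1' versionName='1.0'\n"
GOOD_CERTS = "Signer #1 certificate SHA-256 digest: " + "aa" * 32 + "\n"
BAD_CERTS = "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n"

if __name__ == "__main__":
    for label, certs in (("official", GOOD_CERTS), ("sideloaded", BAD_CERTS)):
        print(label, classify(BADGING, certs))
```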

    Author DeepWeb