Android Malware ‘FireScam’ Poses As Telegram Premium to Steal User Data


The latest Android malware, called ‘FireScam’, is being distributed as a premium version of the Telegram application through phishing sites on GitHub that impersonate RuStore, a Russian app market for mobile devices.

About FireScam vulnerability

Russian internet group VK (VKontakte) launched RuStore in May 2022 as an alternative to Apple’s App Store and Google Play, after Western sanctions affected Russian users’ access to mobile software. RuStore hosts apps that comply with Russian regulations, and it was built with the assistance of the Russian Ministry of Digital Development.

Experts from threat management company Cyfirma believe the infected GitHub page impersonating RuStore first sends a dropper module named GetAppsRu.apk.

The dropper APK is obfuscated with DexGuard to evade detection and obtains permissions that let it identify installed applications, access the device’s storage, and install further packages.

Once this is done, it retrieves and deploys the main malware payload, “Telegram Premium.apk”, which asks for permissions to monitor notifications, clipboard data, telephony services, SMS, and more.
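For triage, the permission pattern described above can be checked against a decoded AndroidManifest.xml (for example, one unpacked with apktool). The following is an added example, not code from Cyfirma or the original article; the mapping from the behaviours in the text to specific Android permission names is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: behaviours named in the article -> Android permission names.
DROPPER = {
    "enumerate installed apps": {P + "QUERY_ALL_PACKAGES"},
    "device storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
    "install further packages": {P + "REQUEST_INSTALL_PACKAGES"},
}
PAYLOAD = {
    "notification tracking": {P + "BIND_NOTIFICATION_LISTENER_SERVICE"},
    "telephony": {P + "READ_PHONE_STATE"},
    "SMS": {P + "READ_SMS", P + "RECEIVE_SMS"},
}

def declared_permissions(manifest_xml):
    """Collect <uses-permission> names plus permissions guarding <service> entries."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    # Notification listeners are declared as a service guarded by a permission.
    perms |= {el.get(ANDROID_NS + "permission") for el in root.iter("service")}
    perms.discard(None)
    return perms

def matched_behaviours(manifest_xml, profile):
    """Names of the profile behaviours for which at least one permission is declared."""
    perms = declared_permissions(manifest_xml)
    return sorted(name for name, wanted in profile.items() if perms & wanted)

def looks_like_profile(manifest_xml, profile):
    """True only when every behaviour in the profile is covered by the manifest."""
    return len(matched_behaviours(manifest_xml, profile)) == len(profile)

# Constructed sample manifests (not taken from any real APK).
SAMPLE_DROPPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.gallery">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("dropper-like", SAMPLE_DROPPER), ("benign", SAMPLE_BENIGN)):
        print(label, matched_behaviours(xml, DROPPER), looks_like_profile(xml, DROPPER))
```

A full match is a reason to inspect the APK further, not a verdict: legitimate app stores and file managers request the same combination.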

What are FireScam’s capabilities?

Once

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
