The StrongPity APT hacking group is disseminating a bogus Shagle chat app that is a trojanized version of the Telegram for Android app with a backdoor added. Shagle is a legitimate random video chat platform that allows strangers to communicate through an encrypted communications channel.
However, the platform is entirely web-based and does not include a mobile app. Since 2021, StrongPity has been using a phony website that impersonates the official Shagle site to trick victims into downloading a malicious Android app. Once installed, this app allows hackers to spy on their targets by monitoring phone calls, collecting SMS texts, and stealing contact lists.
StrongPity, also known as Promethium or APT-C-41, was previously linked to a malware campaign that distributed trojanized Notepad++ installers and malicious versions of WinRAR and TrueCrypt.
ESET researchers found the latest StrongPity activity and linked it to the espionage APT group based on code similarities with previous payloads. Furthermore, the Android app is signed with the same certificate that the APT used to sign an app in a 2021 campaign that mimicked the Syrian e-gov Android application.
Trojanizing the Telegram app
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents