That Telegram Android App You Downloaded May Be a Fake Hiding Malicious Spyware






Thousands of Android devices have been infected with malicious spyware fronting as a popular chat app, Telegram.

The clone apps were downloaded over 60,000 times, according to Bleeping Computer. The apps look nearly identical to the official Telegram but harvests messages, contact lists, files, phone numbers, names, and other personal data from a user’s device.

Kaspersky first learned of the fraudulent apps offering simplified and traditional Chinese versions of Telegram and reported this to Google. 

While chat apps like Telegram and Sling are reasonably safe to use, users need to verify they are downloading the actual app. Modified apps, which use the same name and layout as the original, entice users with additional features and capabilities unavailable on the official app. 

Kaspersky said Telegram “actively encourages” modified apps which put users at risk of security breaches. Because the apps appear verified on Google Play and offer perks the official Telegram doesn’t, users can easily be tricked into downloading an “Evil Telegram” app.

Kaspersky said their experts found minute differences hidden within the app’s code. The variants continuously monitor activity, including whenever a member changes their name or phone number. The information is sent to the creators’ command-and-control server, which Bleeping Computer reports may have ties with “state monitoring and repression mechanisms.”

Google has since removed the malware from the Google Play Store, and a spokesperson released the following statement: 

“We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. All of the reported apps have been removed from Google Play and the developers have been banned. Users are also protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services.”

While the apps are no longer available to download, anyone who previously did so needs to delete them from their devices immediately. Users who have downloaded Telegram need to verify they’re using the official app, which will say “org.telegram.messenger.web”. In contrast, the malicious apps are packaged as “org.telegram.messenger.wab” and “org.telegram.messenger.wob.”

Disclaimer: To address the growing use of ad blockers we now use affiliate links to sites like, streaming services, and others. Affiliate links help sites like Cord Cutters News, stay open. Affiliate links cost you nothing but help me support my family. We do not allow paid reviews on this site. As an Amazon Associate I earn from qualifying purchases.

Subscribe to Our Newsletter

* indicates required

Please select all the ways you would like to hear from :

You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp’s privacy practices here.