Malicious Android Apps Injecting BadBazaar Spyware Found on Google Play Store
- Cybersecurity researchers found malicious Android apps for Signal and Telegram on Google Play Store and Samsung Galaxy Store.
- The apps are crafted to deliver the BadBazaar spyware onto the infected devices.
- The campaign is attributed to the China-associated actor GREF by the Slovakian company ESET.
- These campaigns have likely been active since July 2020 and July 2022, respectively.
A Trojan in Disguise
Attention tech fans: If there was an Oscar for “Best Spy in a Mobile App Role”, these Android apps for Signal and Telegram would definitely have nominations. Discovered by cybersecurity researchers, these apps have been lurking in the recesses of Google Play Store and Samsung Galaxy Store, innocently pretending to be messengers. Instead, they’re bearing gifts we’d all rather decline – a dose of the BadBazaar spyware. The only ‘signals’ they’re sending are ones of alarm.
Meet the Puppet Master: GREF
Now, behind every good villain, there’s usually a puppet master. Slovakian company ESET has managed to trace these malicious puppet strings back to a China-associated actor endearingly referred to as GREF. But don’t let the friendly moniker fool you: this invisible hand in the shadows has likely had fingers in many data pies since around July 2020 and July 2022, respectively. Talk about a marathon of mischief!
In short, we’ve got some sneaky Android apps for Signal and Telegram hiding out on Google Play Store and Samsung Galaxy Store. These aren’t your run-of-the-mill pranksters, but nefarious programs bearing the much less amusing contribution of the BadBazaar spyware. The brains behind this operation? A China-linked actor going by the name GREF. These operations seem to have been ongoing since July of 2020 and 2022, bringing us all a bit of tech drama we didn’t sign up for. Remember, in the world of cybersecurity, not all is as it “app”ears!