Android owners are strongly advised to remove one app: which one

Everything a user types can be viewed and copied by hackers. The malicious app is advertised as “Telegram Premium”, but hides FireScam.

A new type of malware for Android has been discovered, masquerading as a “premium” version of the popular messaging app. The Sun writes about this.

Once downloaded, the rogue “clone” app gives hackers a key to your device, allowing them to read everything on your screen, including text messages and credit card information.

The app is advertised as “Telegram Premium” to hide the FireScam malware. Telegram is a messaging app, but it doesn't have a “premium” version.

Cybersecurity researchers from Cyfirma found that the app is being distributed on phishing sites that mimic RuStore — the Russian version of the Google Play Store.

While it's good news that the app isn't available for download on the official Play Store, it could put Android owners who are open to downloading third-party apps at risk.

The “Telegram Premium” malware requests permissions to monitor notifications on the device, as well as all SMS and phone calls immediately after downloading. When victims open the app, they are prompted to enter their Telegram login, which allows hackers to steal their credentials for the messaging service. Once the hackers have full control over the victim’s Telegram account, they transfer all the stolen information to a separate database.

The malware also closely monitors all online transactions made through the Android device, which could allow hackers to access the victim’s financial data. Anything the user types can be viewed and copied by the hackers.

The malware can intercept data that is auto-filled, such as passwords from password managers.