Categories: Techno

New virus for Android operating system disguises itself as Telegram messenger and steals user data

Specialists from the information security company Cyfirma have discovered a new malware called FireScam, which is aimed at stealing data from Android users. The malware masquerades as a fake Telegram Premium app and is distributed via a page on GitHub.

According to researchers from Cyfirma, an APK dropper protected from detection by Android security tools was delivered to the victim's device via a malicious page. It received the permissions necessary to scan the device for installed applications, as well as access to the device's storage and permission to download additional packages. The module then extracted and installed the main malware Telegram_Premium.apk, which in turn requested permission to monitor messages, clipboard data, SMS content, etc.

When first launched, the virus displays a data entry page similar to the one seen when logging into Telegram. The data entered by the user is stolen and then used to work with the messenger. FireScam also establishes a connection to the Firebase Realtime Database, where information stolen from the victim's device is transferred. According to Cyfirma, the stolen data is stored in the database temporarily, and after the attackers filter it, it is deleted or transferred to another location.

The virus also establishes a permanent connection to a remote server, which allows attackers to execute various commands on the victim's device, including requesting certain data, setting additional tracking parameters, and downloading additional malicious software. FireScam is able to track changes in activity on the device's screen, recording various events lasting more than 1000 ms. The virus carefully monitors all transactions, trying to intercept the victim's confidential payment data. Everything that the user types and copies to the clipboard is classified and transmitted to a remote server.

While Cyfirma has no guesses as to who is the operator of the new malware, the company noted that the campaign is a «sophisticated and multi-layered threat» that «uses advanced masking techniques». The company's specialists recommend that users be cautious about files they download from potentially unreliable sources.

Natasha Kumar

Natasha Kumar has been a reporter on the news desk since 2018. Before that she wrote about young adolescence and family dynamics for Styles and was the legal affairs correspondent for the Metro desk. Before joining The Times Hub, Natasha Kumar worked as a staff writer at the Village Voice and a freelancer for Newsday, The Wall Street Journal, GQ and Mirabella. To get in touch, contact me through my natasha@thetimeshub.in 1-800-268-7116

Share
Published by
Natasha Kumar

Recent Posts

These zodiac signs can count on financial success. Zodiacal happiness of the week

Money doesn't give happiness, but they definitely help to sleep more calmly. < img src…

25 minutes ago

Taken from life. “I sold a house to help my daughter”: now I sleep on a sofa bed

It was a house with a soul. < img src = "https://zycie.news/crrops/AD1992/620x0/1/0/2025/04/06/sqp4azl48q7ldr3ht0ftcrc4g4g4gnsw0stlSrkv4bb.jpg" alt = "old…

25 minutes ago

Do not add it to the broth! It can be dangerous to health

The broth has been considered the culinary gold of Polish cuisine for generations. < img…

25 minutes ago

Joanna Opozda interrupts silence. These words about Królików will be widely heard

Joanna Opozda again took the floor in one of the most difficult and personal matters…

25 minutes ago

Taken from life. “I fell in love with fifty”: He returned to his wife

I wasn't looking for anyone anymore. < img src = "https://zycie.news/crrops/9ed3e0/620x0/1/0/2024/11/24/kuk0basjh59togpq70undkya5m2zfa8lsdqjy7nc.jpg" alt = "older pair…

25 minutes ago

US space forces warned about the nuclear satellite's creation

< img src = "/uploads/blogs/cc/f5/ib-ib-free0pk72_6240df4a.jpg" ALT = "US space forces warned about the creation of…

1 hour ago