Instant communication services are among the most popular apps on iOS and Android alike - US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service.
Their popularity has also attracted the scrutiny of threat actors, keen to find a way to sneak malware onto your device.
Often they will produce malicious copycat apps designed to mimic legitimate ones.
They can then distribute them via phishing messages in email, by text, on social media or the communications app itself, taking the victim to a scam page and misleading them into installing what they believe to be an official app.
Or they could direct users to a legitimate-looking fake app that may occasionally make it through the strict vetting procedures on the Google Play marketplace.
Apple's iOS platform has a far more locked-down ecosystem and it's even rarer for malicious apps to end up there.
Performance issues, because malicious apps may change the device's settings and features and slow it down.
Ransomware designed to completely lock down the device until a fee is paid.
A 2021 fake update campaign that spread on WhatsApp, Signal and other messaging apps via phishing messages claiming the recipient could obtain a new color theme for WhatsApp.
In reality, the WhatsApp pink theme was Trojan malware which automatically replied to messages received in WhatsApp and other messaging apps with a malicious link.
Once installed, the apps were designed to intercept victims' chat messages in a bid to pilfer their sensitive information and cryptocurrency funds.
China-aligned hackers hid cyberespionage malware known as Android BadBazaar inside legitimate-looking Signal and Telegram apps.
Both app types made it through official vetting and onto Google Play and the Samsung Galaxy Store before Google and Samsung were made aware of them.
While WhatsApp explicitly bans unofficial versions of its app, the open-source Telegram encourages third-party developers to create their own Telegram clients.
Always stick to official Android app stores, as they have rigorous vetting processes in place to keep malicious apps off the platform.
Always check the developer's reputation online and any reviews for the app, watching out for mentions of scams.
Uninstall any apps that you don't use, so it's easier to keep track of what's on your device.
Avoid clicking on advertising online, in case it's part of a scam designed to lead you to a malicious copycat app.
Be wary of granting an app permissions that seem unrelated to its functionality, as it could be malware trying to access your data.
Always use a mobile security solution from a reputable provider as this will help to block malicious installs and/or prevent malware working on your device.
This Cyber News was published on www.welivesecurity.com. Publication date: Thu, 11 Jan 2024 08:43:04 +0000