FireScam, the dangerous malware that spies on notifications, SMS and more on Android phones

Android users have detected new malware that is being distributed posing as the Premium version of Telegram and is downloaded from GitHub. Cybercriminals have cloned a website to distribute a virus that spies on notifications and SMS and obtains bank passwords.

The malware, known as FireScam, has mainly been detected on phishing websites on GitHub that imitate RuStore, the Russian mobile application platform. The app store was born in May 2022 as an alternative to Google Play and the App Store after Western sanctions.

GitHub and RuStore often share applications. The apps comply with Russian regulations and are supported by the country’s Ministry of Digital Development, but some violate user rights established by the European Union.

The fake Telegram Premium app available on GitHub sends users to the file GetAppsRu.apk, available in a Russian version. The moment you download the installer, cybercriminals can access all the information stored on the device.

Telegram Premium steals user credentials

FireScam can evade antivirus software and get remote permissions to identify apps installed on the device, access storage, and install additional packages. Once you install Telegram Premium from that APK, the malware asks for permissions to read notifications, clipboard data, or SMS.
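As an added illustration (not code from the article or from Cyfirma), the following Python sketch audits a decoded AndroidManifest.xml for the combination of capabilities listed above. The permission names are standard Android identifiers chosen here as an assumption about how those capabilities are requested; the sample manifest, the package name and the three-capability threshold are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions that correspond to the capabilities
# the article lists; the article does not name the exact permissions requested.
CAPABILITY_PERMISSIONS = {
    "read SMS": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "install additional packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "identify installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "access storage": {"android.permission.READ_EXTERNAL_STORAGE",
                       "android.permission.WRITE_EXTERNAL_STORAGE"},
}
NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample manifest (decoded text form, as produced by a tool such as apktool).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(manifest_xml):
    """Return the sorted list of sensitive capabilities the manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = [cap for cap, perms in CAPABILITY_PERMISSIONS.items() if perms & requested]
    # Notification access is declared on a <service>, not through <uses-permission>.
    for service in root.iter("service"):
        if service.get(ANDROID_NS + "permission") == NOTIFICATION_LISTENER:
            findings.append("read notifications")
            break
    return sorted(findings)

def is_high_risk(findings, threshold=3):
    """Hypothetical heuristic: flag apps that combine several sensitive capabilities."""
    return len(findings) >= threshold

if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    print(result, "HIGH RISK" if is_high_risk(result) else "ok")
```

Clipboard access has no manifest permission to check, so it does not appear in the audit.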

Cybercriminals have recreated the Telegram login page using a WebView screen. Users will not only grant permissions that let hackers access their information; the hackers will also steal their credentials for this messaging application.

FireScam can monitor changes in screen activity, detecting whether the device is on or off and recording which app is currently active. The malware can also save bank details from online purchases made on your mobile and access password managers.

The malware is connected to a real-time database known as Firebase. Cybercriminals upload stolen data in real time and log the infected device for tracking.

Cyfirma’s team of cybersecurity researchers reports that stolen data is only temporarily stored in the database. If hackers find useful information, they will leak it to other platforms to carry out all kinds of scams.

Cyfirma has not identified the cybercriminals behind FireScam. The team of researchers recommends not opening this file installed from GitHub; it is a “sophisticated and multifaceted threat that uses advanced evasion techniques,” they say in a release.
