Chinese Spy Operation Placed Fake Signal Apps on Google Play Store, Samsung Galaxy Store
NY MTA feature enables subway trip tracking, Anonymous Sudan claims X DDoS take-down, LockBit claims attack on Montreal electric org, Microsoft delivering malware-type pop-ups, much more
Researchers at ESET report that a fake version of the private messaging app Signal, called Signal Plus Messenger, found its way onto Google Play and Samsung’s Galaxy Store. The app appears to be linked to a Chinese spy operation they call GREF and silently distributes the Android BadBazaar espionage code.
The standard version of Signal allows users to link the mobile app to their desktop or Apple iPad. The malicious Signal Plus Messenger abused that feature by automatically connecting the compromised device to the attacker’s Signal in the background, so all messages were passed on to their account.
The attack was the first documented case of spying on a victim’s Signal via secret “autolinking.” The same code seen in Signal Plus Messenger was previously used to target Uyghurs.
While the att…