Warning: this modified Telegram app could spy on you


Alexandre Fiannaca

January 11, 2023 at 6:30 p.m.


Hacker using a phone © Artem Oleshko/Shutterstock

A group of hackers relied on the open source code of the Telegram messaging app to create from scratch an application called “Shagle”, infected with spyware.

Even more deceptively, the Shagle platform actually exists. It is very well known in the field of random video chat, and there is nothing malicious about it in principle.

No official Shagle app

One website can hide another (counterfeit) one, and this is precisely the specialty of the cybercriminal group StrongPity. Researchers from ESET, a security solutions company and antivirus publisher, revealed the deception and suspect the group of being behind this umpteenth hack.

Here, it all started with a web page, online since the end of 2021, that perfectly imitated Shagle’s home page, with a few differences. In addition to a web address different from the original one, there was a button inviting visitors to download the Android application of the same name. The problem: Shagle does not have an official mobile app. The service relies only on its website, which acts as an interface between users who wish to chat. This is where the downward spiral began for a number of them.

Several types of data collected

According to ESET experts, once the (not very functional) application is installed, its “eleven modules [were able to trigger] recording phone calls, collecting call logs, SMS messages, contact lists, and much more” directly in the application directory. In addition, users who granted the fake Shagle app permission to access notifications and accessibility services exposed their phones to further harm, including “access to incoming notifications from apps such as Viber, Skype, Gmail, Messenger and Tinder” or “exfiltration of communications”, ESET explains.

The list of modules used by the backdoor © Welivesecurity (ESET)

It remains to be seen how the victims reached the fake Shagle site. It’s a safe bet that they were very targeted, says ESET, probably through phishing emails or messages on social networks. According to the security company, its systems have not yet been able to identify these victims.

The fake Shagle application has never been published on the Google Play Store, which significantly reduces its reach. Because it is based on the source code and packages of Telegram, it also cannot have been installed on devices that already have the official version of this messaging app.
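A triage check along these lines, as an added example that is not from ESET or the original article: it reads a decoded AndroidManifest.xml and flags the permissions and service bindings that correspond to the data collection and the notification and accessibility grants described above, plus an app that reuses Telegram's package name under another display name. The package name org.telegram.messenger, the function name triage_manifest and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Data types the article says the modules collect, mapped to Android permissions.
COLLECTION_PERMS = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contact lists",
    "android.permission.RECORD_AUDIO": "call/audio recording",
}
# Service bindings behind the "notifications" and "accessibility" grants.
SERVICE_BINDINGS = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification access",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
}
OFFICIAL_TELEGRAM_PACKAGE = "org.telegram.messenger"  # assumption, see lead-in

def triage_manifest(xml_text, display_name):
    """Return a list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    package = root.get("package", "")
    if package == OFFICIAL_TELEGRAM_PACKAGE and "telegram" not in display_name.lower():
        findings.append(f"package {package} reused by app named {display_name!r}")
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    for perm, what in COLLECTION_PERMS.items():
        if perm in requested:
            findings.append(f"can collect {what}")
    for svc in root.iter("service"):
        what = SERVICE_BINDINGS.get(svc.get(ANDROID + "permission"))
        if what:
            findings.append(f"declares {what}: {svc.get(ANDROID + 'name')}")
    return findings

# Constructed sample manifest (not taken from the real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.telegram.messenger">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".ExampleNotifyService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE, "Shagle"):
        print("-", finding)
```

A package-name match alone is not proof of tampering; the signing certificate of the APK still has to be compared with the official one.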

According to ESET researchers, the fake app is no longer available for download, “but hackers can decide to upload an updated version at any time”.


Sources: Welivesecurity (ESET), ESET Newsroom, BleepingComputer


