Fake Telegram apps are posing a huge threat to Windows users. It has been reported that an inauthentic version of the messaging app can compromise your devices and put your information at risk. Cybersecurity researchers reported that the fake app is able to bypass antivirus systems.
As per a report by Minerva Labs, fake installers of the Telegram app are being widely circulated on the Internet. They are reportedly being used to distribute the Windows-based ‘Purple Fox’ backdoor on compromised systems.
“We found a large number of malicious installers delivering the same ‘Purple Fox’ rootkit version using the same attack chain. It seems like some were delivered via email, while others we assume were downloaded from phishing websites. The beauty of this attack is that every stage is separated into a different file which is useless without the entire file set. This helps the attacker protect his files from AV (antivirus) detection,” the researcher noted in the blog.
Purple Fox was first discovered in 2018. It is apparently one of the most malicious pieces of malware, one that can be planted in a system beyond the reach of security solutions and evade detection. Once it enters the system, it enables the backdoor to spread more rapidly. The security researcher revealed that such threat actors use legitimate software to drop malicious files.
“This time, however, is different. This threat actor was able to leave most parts of the attack under the radar by separating the attack into several small files, most of which had very low detection rates by AV engines, with the final stage leading to Purple Fox rootkit infection,” the researcher said.
It is advisable to download apps from legitimate places such as the Google Play Store or the Apple App Store. Apps carrying suspicious links should be avoided.