A recent discovery has uncovered a dangerous spyware campaign known as “Evil Telegram” that poses a significant threat. This campaign disguises itself as legitimate Telegram “mods” and has been downloaded tens of thousands of times from the official Google Play app store [1] [3]. These modified applications [1] [3], which are known for their additional features and are encouraged by Telegram, have now become a new avenue for cybercriminals to engage in cyberespionage.


Once installed, the spyware monitors all activity within the messenger and extracts sensitive information [3], including contacts, messages [3], and account owner details [3]. One example of this spyware is a set of infected apps called “Paper Airplane,” which claim to be faster versions of Telegram and have already been downloaded over 60,000 times [3]. This poses a particular risk to the Uyghur minority in China [3], who have previously been targeted with spyware [3]. However, businesses should also be aware of the threat posed by malicious messaging apps [3], as infected apps can lead to unauthorized access to sensitive data and compromise employee personal information [3].

To protect against mobile spyware [3], businesses should remind employees to only use official applications and avoid alternative clients for popular messengers [3]. Several recent studies have highlighted the need for caution when using messenger mods, such as those for Telegram [2]. While Telegram supports the creation of alternative clients [2], there have been instances of spyware versions of Telegram and Signal found on Google Play and the Samsung Galaxy Store [2]. These fake apps not only mimic the official clients but also steal user data and spoof cryptowallet addresses to intercept transfers [2]. It is worth noting that these mods are often distributed through fake sites and YouTube channels rather than official app stores [2].


The discovery of the “Evil Telegram” spyware campaign highlights the significant threat posed by malicious messaging apps. It is crucial for businesses to take precautions to protect sensitive data and employee personal information. Reminding employees to only use official applications and avoiding alternative clients can help mitigate the risk of unauthorized access. Additionally, the presence of spyware versions of popular messaging apps on official app stores calls for increased vigilance when downloading and using these apps. The impact of these spyware campaigns extends beyond individual users, as they can also target specific groups, such as the Uyghur minority in China [3]. Moving forward, it is essential for businesses and individuals to stay informed about the latest threats and take proactive measures to safeguard their digital security.


[1] https://www.darkreading.com/attacks-breaches/evil-telegram-spyware-campaign-infects-60k-mobile-users
[2] https://www.kaspersky.com/blog/telegram-signal-malware-in-google-play/48937/
[3] https://www.threatshub.org/blog/evil-telegram-spyware-campaign-infects-60k-mobile-users/