Introduction

According to a report published by Check Point cybersecurity researchers, a fake version of the Telegram instant messaging application has spread on the Android system, and this version contains malware that threatens users’ security.

Malicious Code and Trojan Virus

When a fake app is installed on a victim’s device, it runs malicious code in the background disguised as an update download service and first collects data about the victim’s device and then establishes a connection to its dedicated server to download additional files, including a Trojan virus called Triada.

Dangerous Capabilities of Triada Virus

The Triada virus can take over the device and infiltrate other system processes, as well as steal money from victims by attracting them to paid services, making digital purchases using a phone number and SMS messages, and stealing passwords and confidential data on the device.

Triada virus is one of the most dangerous viruses infecting Android devices due to its ability to penetrate deeply into the operating system and manipulate system processes and applications, and it usually spreads through infected applications downloaded from untrusted sources.

Previous Instances of Triada Virus

Notably, cybersecurity company Kaspersky Lab also discovered the Triada virus embedded in a modified version of the WhatsApp application at the end of last year and alerted the Indian police a few days before another fake version of the application called “Pink WhatsApp” was distributed.

Precautions to Avoid Malware

The affected Telegram app is not in the Google Play store, but on unofficial external sites, so it is always recommended to avoid downloading apps or updates from external official sources.

These applications are usually advertised as providing additional features that are not in the original official version, which is probably not true and exposes the device to many security risks.