Clones of WhatsApp, Telegram and Signal apps used to distribute malware. How to protect ourselves

Clones of WhatsApp, Telegram and Signal still remain a popular vehicle for the distribution of malware, draw the attention of the specialists of the company Eset – specialized in digital security.

WhatsApp, Telegram and Signal clones used to distribute malware – PHOTO Shutterstock

We are talking about popular messaging apps that many of us use, such as WhatsApp. Hackers launch clones of WhatsApp, Signal or Telegram in app stores to use to distribute malware.

If Signal has 40 million users, Telegram has 800 million, according to Datareportal. While Meta-owned WhatApp has 2.78 billion monthly active users, according to Satista.

And in Romania, WhatsApp is the most used messaging application, according to, there are almost 9.7 million users in our country, and some experts estimate that the number would be even higher.

But, “their popularity has also attracted the attention of threat actors eager to find a way to sneak malware onto your device. This could cost you dearly and even affect your employer. Malicious code developers have become quite adept at tricking users into downloading their products“, as Eset expert Phil Muncaster points out.

According to the cybersecurity specialist, hackers spread malicious apps built to mimic the real ones, then distribute them using messages like “phishing”, by email, SMS, on social networks or even through messaging applications. The victim is led “on a web page used for phishing and convincing it to install what it thinks is an official application“, according to the cited source.

Occasionally, fake apps also appear in app stores, even though some have strict verification systems, such as Google Play or the iOS platform, where “it is much less likely that malicious applications will end up there“.

Eset analysts discovered a fake update campaign in 2021 that spread to WhatsApp, Signal and other messaging apps through phishing messages that claimed the recipient could get a new color theme for WhatsApp. In reality, this was a Trojan malware that automatically spread a malicious link through messages received in WhatsApp and other messaging applications, Agerpres reports.

Moreover, dozens of other websites were copying WhatsApp and Telegram and promoting malicious messaging apps known as “clippers“(apps designed to steal information or modify the contents of the device's clipboard). In this way, victims were first lured by Google ads leading to fraudulent YouTube channels, which then redirected them to the copied websites. Once installed, the apps intercepted victims' chat messages in an attempt to steal sensitive information and cryptocurrency funds.

Another incident featured hackers allied with China hiding a cyber-espionage malware dubbed Android BadBazaar inside legitimate-looking Signal and Telegram apps. Both types of applications managed to pass the official verification and reach Google Play and the Samsung Galaxy Store, before they reported, write those from Eset.

Risks of fake apps

Such an application can steal personal data, steal banking information, slow down the operation of the device. Some may record your conversations, messages, or other personal information, while others may lock your device completely until a ransom is paid.

Moreover, hackers can use app clones to subscribe to premium rate services, “which the malware can later covertly call, racking up huge bills on behalf of the victim”, say Eset experts.

Moreover, they can also be used for “corporate cyber-attacks aimed at stealing credentials or business data stored on the device in order to access sensitive company data or install ransomware“, according to the cited source.

Protection measures

To reduce the chances of installing a malicious application on your device, company representatives suggest that you should always access the official Android application stores.

Also, protection measures include: updating the operating system and device software to the latest version, not accessing links or documents attached in unsolicited messages received on social networks or in emails, caution before granting permissions to an application which do not seem to be related to its functionality, the use of a security solution from a trusted provider, the possibility of using biometric authentication instead of using simple passwords.

The company's experts that provide malware detection and analysis services also advise us to pay attention to the name and description of the application.

If something doesn't sound right about the app's name, description, and “official app” claims or developer pedigree, there's a good chance you're dealing with a fake app“, write the specialists.

We should also be wary of persistent pop-up ads, at “the icons” unusual and to the way our phone works, if it is slower than normal.