Hey guys,

The security team at Cyble has discovered a fake version of the secure messaging application Signal that is loaded with spyware capabilities. The fake version is currently being distributed via bogus web pages set up by hackers to lure unsuspecting people into installing it. If you install this fake version, you will be allowing remote attackers to do the following on your phone:

  • Access phone contacts
  • Receive SMS messages (Like banking codes)
  • Access phone messages
  • Access the camera
  • Access phone call logs
  • Record audio with the microphone
  • Write or delete files to the device
  • Make phone calls
  • Access the phone’s precise location

Here is an extract from their report that you can read HERE

Android Malware Disguised as a Messaging Application

During our routine threat hunting exercise, Cyble Research Labs came across an article wherein the researchers mentioned Bitter APT delivering the Android Spyware “Dracarys.” Bitter aka T-APT-17 is a well-known Advanced Persistent Threat (APT) group active since 2013 and operates in South Asia. It has been observed targeting China, India, Pakistan, and other countries in South Asia.

The Bitter APT is actively involved in both desktop and mobile malware campaigns and uses techniques like spear phishing emails, exploiting known vulnerabilities to deliver Remote Access Trojan (RAT) and other malware families.

Dracarys Android Spyware impersonates genuine applications such as Signal, Telegram, WhatsApp, YouTube, and other chat applications and distributes through phishing sites.

During analysis, we observed that one of the phishing sites is still live and distributing Dracarys. The phishing site mimics the genuine Signal site and delivers a trojanized Signal app.

How do you stay safe?

  • Do not download any application unless it is from the official Google Play Store or the Apple App Store.
  • If you have already downloaded from this website http://signalpremium.com you will need to reset your phone as you have spyware on your device, and you are wide open.

Please let me know if you need any help with this or with anything else.

All the best,

Max 🙂