This fake app clone will steal everything you type on your Android

In Science & Environment
January 09, 2025
This fake app clone will steal everything you type on your Android


Fake apps are a big problem, and their clever social engineering tricks make them hard to catch. 

There are tons of these apps out there mimicking popular apps like PayPal and Spotify. Security researchers have found another fake app pretending to be the premium version of Telegram, a messaging app with over a billion downloads. Hackers are using this app to spread malware called FireScam. It can steal everything you type on your Android phone and other personal info. 

Since it tracks your keyboard, it also gets all your passwords, which could give hackers access to sensitive data.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Android phone (Kurt “CyberGuy” Knutsson)

What you need to know about FireScam

As reported by threat management company Cyfirma, FireScam is a type of malware that targets Android devices to steal personal information. It works like spyware, keeping an eye on what you do on your Android phone, such as reading your notifications, messages, clipboard content and more. 

Hackers are spreading FireScam by pretending it’s a premium version of Telegram. They’ve created a fake website on GitHub that looks like RuStore (a real app store in Russia). When people visit this fake site, they’re tricked into downloading an app that looks like “Telegram Premium.” However, this app is actually a trap. Once installed, it downloads the FireScam malware onto your device and starts stealing your personal data.

To avoid detection, the app is heavily disguised using a tool called DexGuard. It asks for permissions to access your storage, check installed apps and install more software. When you open the app, it shows a fake login page that looks like Telegram’s. If you enter your details, it steals your credentials.

The stolen data is first stored in a Firebase Realtime Database, but hackers later move it to private servers. The malware also registers each compromised device with a unique ID so hackers can keep track of their victims.

Man on phone

A man using his phone (Cyfirma)

ANDROID BANKING TROJAN EVOLVES TO EVADE DETECTION AND STRIKE GLOBALLY

FireScam can steal almost everything on your phone

According to Cyfirma’s analysis, the FireScam malware is highly effective at stealing nearly all types of data from an infected Android device. It categorizes and sends anything you type, drag and drop, copy to the clipboard or even data automatically filled by password managers or exchanged between apps directly to the hackers.

The malware also monitors device state changes, such as when the screen turns on or off, and tracks e-commerce transactions to capture financial details. Plus, it spies on messaging apps to steal conversations and monitors screen activity, uploading key events to its server for further exploitation.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

fake app

Fake Telegram Premium app (Kurt “CyberGuy” Knutsson)

ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA

6 ways to stay safe from fake apps

1. Download apps only from official stores: Always use trusted app stores like Google Play or the Apple App Store to download apps. These platforms have security measures to detect and remove fake or harmful apps. Avoid downloading apps from random websites, pop-up ads or unofficial third-party stores as these are common sources of fake apps.

2. Verify the app’s developer: Before installing an app, check who created it. Look at the developer’s name and ensure it matches the official company behind the app. Fake apps often copy the names of popular apps but use slightly altered spellings or extra characters. For example, a fake might be called “PayPaal” instead of “PayPal.”

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Pay attention to reviews and ratings: Reviews and ratings can give you insight into an app’s authenticity. If an app has mostly negative reviews, very few downloads or generic comments like “Great app,” it could be fake. Genuine apps typically have a large number of detailed reviews over time. Be cautious of apps with five-star ratings but no specific feedback.

4. Be cautious of app permissions: Check the permissions the app requests before installing. A flashlight app, for example, shouldn’t need access to your contacts or messages. If an app is asking for permissions that don’t align with its purpose, it could be a red flag. Always deny permissions that seem excessive or unnecessary.

5. Keep your phone and apps updated: Regular updates for your operating system and apps often include important security fixes that protect your device from malware. Turning on automatic updates can ensure you always have the latest protections.

6. Use strong antivirus software: Install strong antivirus software on your Android. These tools can scan apps for malware, detect suspicious activity and block harmful downloads. Strong antivirus software provides an extra layer of defense, especially when browsing or downloading apps. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Kurt’s key takeaway

The FireScam malware is a powerful tool that can steal everything on your phone, and it’s tough to detect if you’re not careful. Such apps can’t be distributed through legitimate app stores like the Play Store or the App Store, so they rely on third-party stores and fake websites to spread. To stay safe, the best approach is to stick to verified app stores and avoid downloading from untrustworthy sources.

CLICK HERE TO GET THE FOX NEWS APP

When was the last time you read through the permissions an app asked for? Let us know by writing us at Cyberguy.com/ContactCyberguy.com/NewsletterAsk Kurt a question or let us know what stories you’d like us to coverCyberGuy.com.