Make sure you check an app’s name before you download it: Telegram, for instance, had an evil twin on Google Play named “Teligram.” According to Symantec, which discovered its existence, its profile and description on the store mirrored the authentic app’s, with the only difference being the slightly altered logo. It was also branded as “New version updated” in an effort to fool users into thinking it’s the new version of Telegram. And it probably could’ve fooled people, too, since it actually works as a messaging platform.
Teligram (with the “i”) served ads within the chat list and also showed full-screen advertisements. While it didn’t seem to have malicious content, it’s still good to know that Google Play has already pulled it down. Symantec has discovered another fake Telegram app that can install malware into your system, though. That one was built using the real app’s open source code and is being distributed on third-party platforms with the same package name (org.telegram.messenger). Once you install it, a hacker can add a backdoor or an ad clicker to your system. Thankfully, it’s easy to avoid it: simply don’t install apps from sketchy websites.
Apps on Google Play like Teligram are more deceptive, and it’s definitely not the first time Symantec has spotted an impostor on the official store. Just a while ago, the security firm also found a phony Uber app that can steal your log-in credentials. It even deep links to a URL in the real application to look legit.