Fake apps are a big problem and difficult to catch due to their sophisticated social engineering techniques.
There are many apps that copy popular apps like PayPal and Spotify. Security researchers have discovered another fake app masquerading as a premium version of Telegram, a messaging app that has been downloaded over 1 billion times. Hackers are using this app to spread malware called FireScam. All the information you enter on your Android smartphone and other personal information can be stolen.
Since it tracks your keyboard, it also captures all your passwords, potentially allowing hackers to access sensitive data.
We’re giving away the latest and greatest Airpods Pro 2
android mobile phone (Kurt “Cyber Guy” Knutson)
What you need to know about FireScam
According to reports Threat management company CyfirmaFireScam is a type of malware that targets Android devices and steals personal information. It works like spyware and monitors activities on your Android smartphone, such as reading notifications, messages, clipboard contents, etc.
Hackers are spreading FireScam disguised as a premium version of Telegram. They created a fake website on GitHub that resembles RuStore (Russia’s real app store). Once you visit this fake site, you will be tricked into downloading an app similar to Telegram Premium. However, this app was actually a trap. Once installed, FireScam malware will download to your device and begin stealing your personal data.
To avoid detection, the app is heavily disguised using a tool called DexGuard. It will ask for permission to access your storage, see installed apps, and install more software. When you open the app, you’ll see a fake Telegram-like login page. Once you enter your details, your credentials will be stolen.
The stolen data is first stored in the Firebase Realtime Database, but then moved by the hacker to a private server. The malware also registers a unique ID on each compromised device, allowing hackers to track their victims.
man using mobile phone (Cypharma)
Android banking Trojan evolves to evade detection and attack globally
FireScam can steal almost everything on your phone
According to Cyfirma’s analysis, FireScam malware is highly effective at stealing almost all types of data from infected Android devices. It categorizes and sends directly to hackers all the data you type, drag and drop, copy to clipboard, and even automatically entered by your password manager or exchanged between apps.
The malware also monitors device state changes such as screen on/off and tracks e-commerce transactions to retrieve financial details. It also spies on messaging apps to steal conversations, monitor screen activity, and upload important events to servers for further exploitation.
What is artificial intelligence (AI)?
fake telegram premium app (Kurt “Cyber Guy” Knutson)
Android banking Trojan impersonates Google Play to steal data
6 ways to protect yourself from fake apps
1. Download apps only from official stores. Always use trusted app stores like Google Play or Apple App Store to download apps. These platforms have security measures in place to detect and remove fake or harmful apps. Avoid downloading apps from random websites, pop-up ads, or unofficial third-party stores as these are common sources of fake apps.
2. Check the app developer. Before installing an app, check who created it. Look at the developer’s name and make sure it matches the official company behind the app. Fake apps often copy the names of popular apps, but slightly change the spelling or use extra characters. For example, a fake may be called “PayPaal” instead of “PayPal.”
CLICK HERE TO GET FOX BUSINESS ON THE GO
3. Pay attention to reviews and ratings: Reviews and ratings let you know how reliable the app is. If an app has mostly negative reviews, few downloads, or general comments like “great app,” the app may be fake. Genuine apps typically go through a number of detailed reviews over time. Be wary of apps that have 5-star ratings but no specific feedback.
4. Pay attention to app permissions. Check the permissions the app requests before installing. For example, the Flashlight app doesn’t need access to your contacts or messages. If an app is requesting permissions that don’t match its purpose, that could be a red flag. Always deny permissions that you believe are excessive or unnecessary.
5. Keep your phone and apps updated. Regular updates Operating systems and apps often include important security fixes that protect your device from malware. Enabling automatic updates ensures you always have the latest protection.
6. Use strong antivirus software. Install powerful antivirus software on your Android. These tools can scan apps for malware, detect suspicious activity, and block harmful downloads. Strong antivirus software provides an extra layer of defense, especially when browsing and downloading apps. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2025 for Windows, Mac, Android, and iOS devices.
Cart important points
FireScam malware is a powerful tool that can steal everything on your phone and is difficult to detect if you are not careful. Such apps cannot be distributed through legitimate app stores such as the Play Store or App Store, so they rely on third-party stores and fake websites to spread. The best approach to stay safe is to use verified app stores and avoid downloads from untrusted sources.
CLICK HERE TO GET THE FOX NEWS APP
Email us at When was the last time you read the permissions an app requests? Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask your cart a question or let us know your story you’d like us to feature.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2025 CyberGuy.com. Unauthorized reproduction is prohibited.
