Fake Telegram on APKPure Steals SIM and Photos to HK

Cybersecurity researcher Eric Parker took a peek inside the APK file of Telegram downloaded from the popular third-party store APKPure. What he found wasn't just some messy code, but a fully functional espionage toolkit masquerading as a simple chat app.

The app contains a hidden class called DataCollector that is completely absent from the official version. This rogue code silently copies phone numbers, profile details, device files, media, and even sensitive SIM card data before packaging it up and shipping it off to a remote server located in Hong Kong. The extraction mechanism is seamlessly integrated into the app's startup routine, firing up the moment a user logs into their account.

When investigators checked the digital signature of this particular APKPure build, they realized it didn't match the official signature from the real Telegram developers. Worse, when the file was uploaded to the security scanning service VirusTotal, only a single lonely antivirus engine out of 56 flagged it as malicious — apparently, the other 55 were busy taking a digital nap.

This is not the first time the alternative app store has hosted digital traps, proving that consistency is indeed key. Back in 2021, analysts discovered the notorious Triada trojan embedded directly within the official APKPure client app itself. More recently, users flagged compromised versions of Telegram X circulating on the platform with digital signatures that were clearly forged.

It seems the dream of escaping the monopoly of official app stores always ends with someone's personal photos sitting on a server in China. People will gladly bypass basic security protocols just to save a few megabytes or bypass a regional block, only to act shocked when their digital identity gets cloned.

Source: Eric Parker on X