ESET malware researchers discovered an Android app posing as Shagle, a video chat platform. But here’s the kicker: Shagle is a legit random video chat service that offers encrypted communication between strangers, and it doesn’t have an Android or iOS app version.
By removing the mask from the fake Shagle app, researchers discovered a “trojanized version of the Android Telegram app”, according to the ESET report.
Yes, this “Shagle” Android app is fake
The real Shagle platform is completely web-based, so if you see an app variant, it’s fake. The app is functional but, as mentioned, behind its disguise it is simply an infected version of the Telegram app.
This fake Shagle app is distributed through a scam website posing as the official Shagle page. “The copy site only provides an Android app for download and no web streaming is possible,” ESET researchers said.
The trojanized Telegram app, masquerading as Shagle, is equipped with backdoor code that can deploy the following spying features against victims:
- phone call recording
- SMS collection
- victim call log collection
- spying on contact lists
Additionally, once the victim grants the fake Shagle app access to certain services, malicious actors can see incoming notifications. The app can also extract communications from 17 apps, including Gmail, Messenger, Skype, Tinder, and more.
The malicious actor behind the fake Shagle app is called StrongPity, according to ESET, a cyber espionage group that has been active for 11 years. The group’s existence was first revealed in 2016, thanks to a report by Kaspersky.
It is no surprise that a fake Shagle website was created to trick online users into downloading an infected Android app. After all, it’s the group’s modus operandi. StrongPity is known to use bogus and deceptive websites that give visitors the impression that they offer legitimate software tools, while in reality those visitors are tricked into downloading infected versions of genuine applications.
Although there have been numerous reports of rogue apps slipping through the cracks of Google Play and destroying users’ phones, you will not find the fake Shagle app in any official Android store. This fraudulent application was found outside the Google Play Store, packaged as an APK, so the moral of the story is simple. Stick to downloading Android games, services, and other software only from legitimate stores.
Fortunately, according to ESET, the copycat Shagle website is no longer active.