ESET security researchers discovered (what they allege) two separate Chinese spy campaigns targeting US and European Android users. Their strategy involves the creation of counterfeit versions of popular encrypted messaging apps, Signal and Telegram, both readily available on the Google Play Store. The primary objective behind these bogus applications is to compromise the security of Android users.

Attributed to a threat group suspected to be aligned with China, known as GREF, these fraudulent apps closely mimic the appearance and functionality of the genuine Signal and Telegram apps. However, beneath this deceptive facade lies malicious software capable of unauthorised data access and message interception.

Notably, this malware was previously employed to target specific ethnic minority groups within China. In this latest campaign, the hackers have expanded their scope to target a broader user base.