January 10, 2025
5 min read
A newly documented Android malware named FireScam is making headlines. It poses as a premium version of the Telegram messaging app to steal sensitive data and keep persistent remote access to victims' devices. Cybersecurity firm Cyfirma describes the malware as a "sophisticated and multifaceted threat" that combines phishing with advanced evasion techniques.
FireScam is distributed from a phishing site, rustore-apk.github[.]io, that closely imitates RuStore, the Russian app store operated by VK. The site serves a dropper APK named GetAppsRu.apk, which starts the infection chain on the victim's device.
Once installed on a device running Android 8 or later, the dropper requests several permissions, including writing to external storage, enumerating installed applications, and installing and updating packages. If the victim grants them, the dropper installs the main payload, which exfiltrates sensitive data (notifications, messages, and the list of installed applications) to a Firebase Realtime Database endpoint.
One of the malware's notable features is that it declares itself the "update owner" of the app it installs, so no other installer can replace the payload with an update unless the user explicitly approves it.
Cyfirma states, “The ENFORCE_UPDATE_OWNERSHIP permission restricts app updates to the app’s designated owner. The initial installer of an app can declare itself the ‘update owner,’ thereby controlling updates to the app.”
FireScam is also obfuscated and uses anti-analysis techniques to evade detection. To harvest valuable data it monitors several sources, including notifications, clipboard content, screen activity, and e-commerce transactions. It can also download and process image files from a URL specified by the operators.
When the victim opens the fake Telegram Premium app, it requests access to sensitive data such as contacts, call logs, and SMS messages. To keep up the pretense, it then loads a login page mimicking Telegram's official website inside a WebView. Whether or not the victim logs in makes no difference: the malware collects and exfiltrates data either way.
FireScam receives remote commands through Firebase Cloud Messaging (FCM) notifications, so the device can be monitored and controlled without the user noticing. It also opens a WebSocket connection to its command-and-control (C2) server for ongoing data theft and follow-up actions.
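The installer permissions, the Firebase Realtime Database endpoint, and the FCM command channel described above leave visible traces in an APK before it is ever run. The following script, added here as an example and not Cyfirma's tooling or FireScam's own code, triages a decoded AndroidManifest.xml (and optionally a strings dump) for that combination. It assumes the APK has already been unpacked with apktool so the manifest is plain XML rather than binary AXML; the two manifests and the strings dump embedded below are constructed for illustration, as are the package names in them.

```python
"""Static triage of a decoded AndroidManifest.xml for the FireScam-style
dropper and spyware pattern. Added example, not Cyfirma's tooling or
FireScam's own code. Assumes an apktool-decoded (plain-text) manifest.
All sample manifests, package names and strings below are constructed."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Together these let an app install a second APK, claim update ownership
# of it, and enumerate everything else installed on the device.
DROPPER_PERMS = {
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.INSTALL_PACKAGES",
    "android.permission.ENFORCE_UPDATE_OWNERSHIP",
    "android.permission.QUERY_ALL_PACKAGES",
}
INSTALL_PERMS = {
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.INSTALL_PACKAGES",
}
# A messenger clone asking for these on first launch is the spyware tell.
SPYWARE_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
}
# An FCM-receiving service declares an intent-filter for this action.
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"
# Firebase Realtime Database hostnames, legacy and regional forms.
FIREBASE_RTDB_RE = re.compile(
    r"https://[a-z0-9-]+\.(?:firebaseio\.com|[a-z0-9-]+\.firebasedatabase\.app)"
)


def parse_manifest(xml_text: str) -> dict:
    """Return package name, declared permissions and whether an FCM receiver exists."""
    root = ET.fromstring(xml_text)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    has_fcm = any(a.get(ANDROID_NS + "name") == FCM_ACTION for a in root.iter("action"))
    return {"package": root.get("package"), "permissions": perms, "fcm": has_fcm}


def triage(xml_text: str, strings: str = "") -> dict:
    """Score one decoded manifest (plus an optional strings dump) against the pattern."""
    m = parse_manifest(xml_text)
    perms = m["permissions"]
    endpoints = sorted(set(FIREBASE_RTDB_RE.findall(strings)))
    verdicts = []
    if "android.permission.ENFORCE_UPDATE_OWNERSHIP" in perms and perms & INSTALL_PERMS:
        verdicts.append("installer that claims update ownership (dropper pattern)")
    if len(perms & SPYWARE_PERMS) >= 2:
        verdicts.append("bulk access to SMS/calls/contacts (spyware pattern)")
    if m["fcm"] and endpoints:
        verdicts.append("FCM receiver plus Firebase RTDB endpoint (possible C2/exfil channel)")
    return {
        "package": m["package"],
        "dropper_permissions": sorted(perms & DROPPER_PERMS),
        "spyware_permissions": sorted(perms & SPYWARE_PERMS),
        "fcm": m["fcm"],
        "firebase_endpoints": endpoints,
        "verdicts": verdicts,
    }


# Constructed sample: a dropper-style manifest (hypothetical package name).
SAMPLE_DROPPER_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakestore">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.ENFORCE_UPDATE_OWNERSHIP"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Store">
    <service android:name=".PushService" android:exported="false">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: a harmless app that only needs network access.
SAMPLE_BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

# Constructed strings dump containing a Firebase RTDB URL (hypothetical host).
SAMPLE_STRINGS = "... https://example-default-rtdb.firebaseio.com/devices ... ws://c2.invalid/socket ..."

if __name__ == "__main__":
    for name, xml, strings in (("dropper", SAMPLE_DROPPER_MANIFEST, SAMPLE_STRINGS),
                               ("benign", SAMPLE_BENIGN_MANIFEST, "")):
        result = triage(xml, strings)
        print(name, result["package"], result["verdicts"] or ["no findings"])
```

Treat the output as triage, not a verdict: a genuine app store (the real RuStore included) legitimately holds INSTALL_PACKAGES and ENFORCE_UPDATE_OWNERSHIP, and countless benign apps use FCM. What makes the pattern suspicious is the combination, and the fact that the APK was sideloaded from a look-alike domain rather than obtained from the store it impersonates.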
Cyfirma also found a second malicious artifact, named CDEK, hosted on the same phishing domain. Little is known about it yet, but the name appears to reference a Russia-based package tracking and delivery service, suggesting the operators are impersonating more than one Russian brand.
The operators behind FireScam have not been identified, and it is not yet clear how victims are lured to the phishing site; SMS phishing (smishing) or malvertising are suspected.
“By mimicking legitimate platforms such as the RuStore app store, these malicious websites exploit user trust to deceive individuals into downloading and installing fake applications,” Cyfirma warned.
FireScam shows how phishing-based attacks keep growing in sophistication, pairing heavy obfuscation with convincing social engineering to stay under the radar and compromise devices. It is a reminder to be careful about which apps you install, especially from sources outside the official store, because attackers will keep exploiting trust in legitimate platforms.
Discover how AVP Total Security acts as a digital shield, protecting your devices and personal information from malware, phishing scams, and data breaches. With advanced features and real-time monitoring, AVP Suite helps keep you safe and private online.
AVP Suite provides malware protection that works continuously to spot and remove different types of malware before they can harm your devices, giving you an upper hand against malware scams like FireScam.
AVP Suite also includes ransomware protection that keeps your files shielded from attackers who try to lock or access them.
With AVP Suite you get a browsing experience free of phishing scams. Its scam detection is designed to spot and block phishing attempts, and it alerts you in time to fake emails, websites, or messages, securing your personal or financia
The suite removes intrusive adware that can compromise your privacy and disrupt your online experience.
Its scanning engine blocks attempts to access your data through scams, helping keep your device safe.
AVP Suite provides real-time monitoring for strong online data safety, scanning for threats and unusual activity so that you can browse without worry.
AVP Suite also scans the dark web and sends you a real-time alert if your sensitive information, such as email addresses or passwords, turns up there, so you can act immediately to protect it.
AVP Suite protects your online privacy by blocking unauthorized access and encrypting sensitive data across all your devices.
With multiple layers of security, AVP Suite defends against evolving threats, giving you peace of mind that your data and devices are in safe hands.
AVP Total Security is your defense against cyber risks, offering proactive protection for every part of your digital life.
As attackers keep targeting Android users with schemes like FireScam, safeguarding your personal data has never been more critical. The good news?
You can stay ahead of cybercriminals with the right defenses. AVP Suite is built to neutralize threats, prevent data theft, and secure your online activity. With advanced malware protection and real-time threat detection, it provides the comprehensive shield you need today.
Don't let the attackers win. Protect yourself with AVP Total Security now!