They pretended to be the Signal and Telegram applications, and practically all the data stored on mobile phones was stolen by dangerous spyware that, according to ESET, may have claimed the lives of several victims in Hungary as well.

Telegram and Signal apps infected with Trojan spyware have been uploaded to the Play Store and Samsung Galaxy Store as well, Lucas Stefanco, a researcher at cybersecurity firm ESET, discovered.

Dangerous apps can be linked to a Chinese hacker group infected with the BadBazaar spyware, and the case also has a local impact: In addition to several other countries – including Ukraine, Poland, Germany and the US – according to ESET’s map, dangerous apps have also spread to Hungary.

The dangerous spyware program has also spread in Hungary.


However, it was very serious: like sleeping computer He writes, they’ve been able to track your device’s exact location, steal call history and text messages, record phone calls, take pictures with your camera, access your contact list, and even steal files and databases.

The attacks were carried out using apps called “Signal Plus Messenger” and “FlyGram”, which are “patched” versions of the open source instant messaging apps Signal and Telegram, but mostly just dangerous versions.

Meanwhile, malicious parties created app websites to legitimize spyware – and there were links to the apps, too.

FlyGram – among many other things – transmitted Telegram communication data to a server connected to the attacker through a function flagged as a backup – based on analysis, at least 13,952 users authorized this, but the total number is unknown.

The fake Signal works similarly, but also allows the attacker to link the victim’s Signal account to the attacker’s devices, allowing them to see future exchanges. They were able to achieve this with QR code-based functionality, which would normally help link multiple devices to a single account – but Signal Plus Messenger abused that and automatically linked their device to their own, giving them access to all future messages.

To check if we’re affected, open the real Signal app, then its settings, and find the ‘Associated devices’ menu item there. Here we see all connected devices: if something is suspicious, remove it immediately.

The aforementioned dangerous apps are no longer available on the Play Store or Samsung’s own App Store – however, if any of them are still on your device, delete them immediately.

If you want to know about similar things at other times, like it HVG Tech’s Facebook page.


In addition to diverse, independent and factual information, our readers who join the Pártoló membership can also enjoy a number of benefits for their financial support.
Depending on your membership level, we offer, among others:

  • We send you an exclusive weekly digest of interesting things in the world;
  • You can gain an insight into HVG’s work, and you can meet our authors;
  • You can participate in premieres of the latest films, in various events;
  • You can buy HVG books and publications at a discount;
  • You can read hvg360 digital news magazine.