September 8, 2023 | Cybercriminals are exploiting the acceptance of Telegram “mods” in the Google Play store to distribute “Evil Telegram,” a spyware campaign. Using modified versions of Telegram, these attackers, trading on users’ trust in Telegram’s security, create a new avenue for cyberespionage. Kaspersky identified infected apps like “Paper Airplane,” which appear as legitimate Telegram clones but contain a hidden spyware module. These apps, downloaded over 60,000 times, target users in China, particularly the Uyghur ethnic minority, raising concerns about potential government surveillance. Businesses are urged to remain vigilant, as mobile spyware poses risks such as unauthorized access to sensitive data and compromised employee information. Kaspersky researchers reported the apps to Google for removal, emphasizing the need for caution even with official app stores.