HeroRat, the Android malware that spreads on Telegram

Information security researchers have discovered a virus for Telegram on Android that can take over a smartphone, here's how to defend yourself

After the diatribe with the Russian government that led to a usage block for a lot of users, the problems continue for Telegram, the famous instant messaging application alternative to WhatsApp. Now hackers have targeted the Android version of Telegram with a new virus.

Security researchers ESET have discovered that Telegram's Android app has been tampered with by a group of cyber criminals through a new malware called HeroRat. The virus, according to cyber security experts, has been inside the app's source code for at least a year but has been very difficult to detect because it disguises itself perfectly as a chatbot, one of the many present inside Telegram. The malware is quite sophisticated and once it self-installs it gets administrator rights on the device, which means it can do whatever it wants on our smartphone: install new viruses or spy on us 24 hours a day and thus steal all our private information.

How the new Telegram virus spreads

HeroRat is not available on Google Play Store but it can be downloaded on several sites dedicated to the Telegram app, on unofficial Android stores and also via links on major social media. However, the virus has also been inserted by hackers inside other applications, especially those inherent to Bitcoin purchases, paid packages of new followers on Instagram and Facebook or programs promising to discover the passwords of Wi-FIs to connect to.

HeroRat currently works on any version of Android even on the latest Oreo 8.1. Noticing the ongoing threat is not easy. If by any chance we install one of the malicious apps containing HeroRat on the device we will get an error message warning us that the app has been uninstalled due to incompatibility with our device. Actually, at this point, although not visible, the malicious malware code has already started to act in a hidden way on our phone. At the moment, the virus has affected Telegram users mainly in Iran and the Middle East, but potentially all Android users are at risk.

How to defend yourself against HeroRat virus

In case of HeroRat infection on our smartphone, we need to install a latest generation computer security software that is able to detect the threat with a thorough scan of our device. In order not to have to resort to these shelters, however, the advice is to never install applications outside of the Google Play Store. Especially when browsing social media, do not trust applications that are presented to you as downloadable via a simple link. Often these are nothing more than an online scam or worse malware.