An Android app clone will steal all your typed data.

The prevalence of fake apps is a major issue, and their sophisticated social engineering tactics make them difficult to detect.

Another fake app has been discovered by security researchers that pretends to be the premium version of Telegram, a popular messaging app with over a billion downloads. This app, called FireScam, is being used by hackers to spread malware that can steal everything you type on your Android phone and other personal information.

Your keyboard tracks your passwords, which could give hackers access to sensitive data.

What you need to know about FireScam

Cyfirma's threat management report states that FireScam is a type of malware that steals personal information from Android devices. This malware functions like spyware, monitoring your Android phone's activities, including notifications, messages, and clipboard content.

FireScam is being spread by hackers who are pretending it's a premium version of Telegram. They've created a fake website on GitHub that resembles RuStore, a legitimate app store in Russia. When users visit this fake site, they are tricked into downloading an app that looks like "Telegram Premium." However, this app is actually a trap that downloads FireScam malware onto your device and steals your personal data.

The app, disguised using DexGuard, requests permissions to access your storage, check installed apps, and install additional software. Upon opening the app, it displays a fake login page resembling Telegram's, and if you enter your details, it steals your credentials.

Hackers initially store the stolen data in a Firebase Realtime Database, but later transfer it to private servers. Additionally, the malware assigns a unique ID to each compromised device, allowing hackers to monitor their victims.

FireScam can steal almost everything on your phone

Cyfirma's analysis reveals that the FireScam malware is highly effective at stealing nearly all types of data from an infected Android device. It categorizes and sends anything you type, drag and drop, copy to the clipboard, or even data automatically filled by password managers or exchanged between apps directly to the hackers.

The malware not only tracks device state changes and e-commerce transactions to capture financial details but also spies on messaging apps to steal conversations and monitors screen activity, uploading key events to its server for further exploitation.

6 ways to stay safe from fake apps

Always download apps from official stores like Google Play or the Apple App Store to ensure security and avoid fake or harmful apps. Avoid downloading apps from random websites, pop-up ads or unofficial third-party stores as these are common sources of fake apps.

Before installing an app, ensure the developer's name matches the official company behind the app. Fake apps often copy the names of popular apps but use slightly altered spellings or extra characters. For instance, a fake might be called "PayPaal" instead of "PayPal."

Be wary of apps with few downloads and generic comments, as they may be fake. Genuine apps typically have a large number of detailed reviews over time, and be cautious of apps with five-star ratings but no specific feedback.

Be wary of app permissions: Before installing an app, review the permissions it requests. A flashlight app should not require access to your contacts or messages. If an app requests permissions that do not match its purpose, it may be a warning sign. Always reject permissions that seem excessive or unnecessary.

Ensure your device is secure by regularly updating your operating system and apps, which often include important security fixes. Enable automatic updates to always have the latest protections.

6. Secure your Android device: Protect your Android device with strong antivirus software. These tools can detect and remove malware, prevent suspicious activity, and block harmful downloads. Strong antivirus software provides an additional layer of defense, especially when browsing or downloading apps. It can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Discover my top picks for the best 2025 antivirus protection for your Windows, Mac, Android, and iOS devices.

Kurt’s key takeaway

The FireScam malware is a potent software that can steal all data on your phone, and it's challenging to detect unless you're cautious. These malicious apps cannot be distributed through legitimate app stores like the Play Store or the App Store, so they use third-party stores and fraudulent websites to spread. To safeguard yourself, the most effective strategy is to stick to verified app stores and avoid downloading from questionable sources.

Please inform us at Cyberguy.com/Contact when you last reviewed the permissions an app requested.

To receive my tech tips and security alerts, sign up for my free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.

Let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.