This isn’t a leak, but…
BREAKING: Nekogram is secretly sending your phone numbers to the developer
The backdoor is hidden in the http://Extra.java
file, which differs from the template uploaded to the repository. The obfuscated code sends data as an inline request to the @nekonotificationbot, leaving no trace.
More info about the backdoor: https://github.com/Nekogram/Nekogram/issues/336 (locked by Nekogram devs)
To validate this, we made a PoC: an LSPosed module that replaces the bot ID and username to ours so all requests are going to it. That way, we confirmed that the phone numbers are being collected. Every. Login.
The PoC is available here: https://github.com/RomashkaTea/nekogram-proof-of-logging
What should you do?
1. Report the app on Play Store: https://play.google.com/store/apps/details?id=tw.nekomimi.nekogram
2. Report the repository on GitHub: https://github.com/Nekogram/Nekogram
3. Delete the app and stop using unofficial Telegram clients
READ FULL ARTICLE: This article originally appeared on Mystic Leaks
Candace Owens, Ian Carroll & Myron Gaines Absolutely Demolish Rabbi's 'Israel Never Attacks First' Claim…
Endless Israeli terrorism: "Several people were injured after Israeli drones launched two missiles at a…
VIDEO | Jewish settlers are attempting to set fire to residents' homes in the occupied…
VIDEO | US President Donald Trump shared an AI-generated video on his Truth Social account…
🚨New: JudicialWatch Out With a Bombshell in their Thomas Crooks FOIA Fight. Records from July…
Report: Trump Tells Aides He May Restart Full-Scale Bombing Against Iran If US Troops Are…
This website uses cookies.