This isn’t a leak, but…
BREAKING: Nekogram is secretly sending your phone numbers to the developer
The backdoor is hidden in the http://Extra.java
file, which differs from the template uploaded to the repository. The obfuscated code sends data as an inline request to the @nekonotificationbot, leaving no trace.
More info about the backdoor: https://github.com/Nekogram/Nekogram/issues/336 (locked by Nekogram devs)
To validate this, we made a PoC: an LSPosed module that replaces the bot ID and username to ours so all requests are going to it. That way, we confirmed that the phone numbers are being collected. Every. Login.
The PoC is available here: https://github.com/RomashkaTea/nekogram-proof-of-logging
What should you do?
1. Report the app on Play Store: https://play.google.com/store/apps/details?id=tw.nekomimi.nekogram
2. Report the repository on GitHub: https://github.com/Nekogram/Nekogram
3. Delete the app and stop using unofficial Telegram clients
READ FULL ARTICLE: This article originally appeared on Mystic Leaks
Washington Cuts Flow Of US Dollars To Iraqi Central Bank Until 'Acceptable' Government Formed Washington…
Washington Cuts Flow Of US Dollars To Iraqi Central Bank Until 'Acceptable' Government Formed Washington…
🇱🇧🇮🇱 What The Israeli Occupation is Doing in Southern Lebanon is no Longer a Passing…
❗️Hungary’s Prime Minister-elect says ICC warrants, including Netanyahu war crimes case, would be enforced under…
— 🇮🇱/🇱🇧/🇺🇳 NEW: The statue of Jesus Christ that was destroyed by an IDF soldier…
Dozens of Israelis detained at Moscow airport over war on Iran: Report Russian security forces…
This website uses cookies.