According to SOTA,
"The backdoor is hidden in the http://Extra.java file, which differs from the template uploaded to the repository. The obfuscated code sends data as an inline request to the @nekonotificationbot, leaving no trace. The same file implements account 'doxing' via several bots; it is possible that the leaked data is used to populate their databases."
Additionally, the creator of the Nekogram client, (presumably a Chinese national) was previously known for conducting DDoS attacks and unethical online behavior (including death threats against acquaintances).
Apparently, in the early versions of the client, de-anonymization was applied only to Chinese phone numbers, which could have been used for political surveillance;. However, it is now applied to all users.
Follow @TechLeaksZone
