EXPOSED: Source Code Evidence of Nekogram Phone Number Harvesting
1. Exfiltration Logic: The function uo5.g() (reconstructed as logNumberPhones) silently collects the UserID and Phone Number of every account logged into the app (up to 8 accounts).
2. Transmission: Data is sent via Inline Queries to the bot @nekonotificationbot. This is done programmatically, so no message appears in your "Sent" history.
3. Target Bots: Three bots embedded in the client's obfuscated code:
@nekonotificationbot: Receives the automated phone number uploads.
@tgdb_search_bot and @usinfobot: : An OSINT bot mentioned in the obfuscated classes.
4. Security Token: The app uses a hardcoded secret key 741ad28818eab17668bc2c70bd419fc25ff56481758a4ac87e7ca164fb6ae1b1 as a prefix for the stolen data, likely to authenticate with the bot's backend.
5. The image shows that Nekogram always wants to get the "reg date".
Unfortunately the Google Play Store version is also affected!!!
Follow @TechLeaksZone
1. Exfiltration Logic: The function uo5.g() (reconstructed as logNumberPhones) silently collects the UserID and Phone Number of every account logged into the app (up to 8 accounts).
2. Transmission: Data is sent via Inline Queries to the bot @nekonotificationbot. This is done programmatically, so no message appears in your "Sent" history.
3. Target Bots: Three bots embedded in the client's obfuscated code:
@nekonotificationbot: Receives the automated phone number uploads.
@tgdb_search_bot and @usinfobot: : An OSINT bot mentioned in the obfuscated classes.
4. Security Token: The app uses a hardcoded secret key 741ad28818eab17668bc2c70bd419fc25ff56481758a4ac87e7ca164fb6ae1b1 as a prefix for the stolen data, likely to authenticate with the bot's backend.
5. The image shows that Nekogram always wants to get the "reg date".
Unfortunately the Google Play Store version is also affected!!!
Follow @TechLeaksZone
Media is too big
VIEW IN TELEGRAM
