📰 One of the most dangerous Telegram forks has appeared – telega! ⚠️🇷🇺 A Russian Telegram fork recently emerged. It began appearing in Telegram Ads, including aggressive ads after attempting to call another user from the same fork. The name comes from abbreviated slang used to refer to Telegram.

🔍 The channel "bruhcollective." decompiled the .apk file, and here's what we now know:
1. PROXY_ADDRESS leads to VK servers, MYTRACKER_SDK_KEY is a mail.ru tracker (linked to VK), and CALLS_BASE_URL is sent through Odnoklassniki (also linked to VK) (a cherry on top of the MAX messenger).
2. There are ads, also through mail.ru.
3. There's a "proprietary channel blacklist" to restrict users to blogs "undesirable in Russia," and this line isn't in the official client.
4. The client code is partially copied from Catogram*, right down to the variable names.
5. Phone numbers, authorization keys, and a lot of unnecessary data are sent to their servers.
6. The VK Video and VK Clips interfaces are substituted in JS to hide their branding.
7. Icons can be replaced with VK-specific ones.
* bruhcollective owns the Catogram development - @iTysonLab.

❄️ Another danger is that the fork automatically launches their bots and subscribes to their official Telegram channel. This method can lead to account FREEZING, so be careful! Verified by @madrik.

Why did this client appear? There's an explanation. 😠 Simply because the national messenger MAX (also an import-substituting WeChat) failed to lure users en masse from Telegram. This radical approach was chosen due to the revolt against the government's decision to block calls from foreign messengers under the pretext of «fighting fraud» (we covered this), but in reality, more such attacks occur via mobile networks.

Sources: 💌, 💌, 💌