BREAKING: Nekogram is secretly transmitting your telegram account phone number to the developer
According to SOTA,
"The backdoor is hidden in the http://Extra.java file, which differs from the template uploaded to the repository. The obfuscated code sends data as an inline request to the @nekonotificationbot, leaving no trace. The same file implements account 'doxing' via several bots; it is possible that the leaked data is used to populate their databases."
Additionally, the creator of the Nekogram client, (presumably a Chinese national) was previously known for conducting DDoS attacks and unethical online behavior (including death threats against acquaintances).
Apparently, in the early versions of the client, de-anonymization was applied only to Chinese phone numbers, which could have been used for political surveillance;. However, it is now applied to all users.
Follow @TechLeaksZone
According to SOTA,
"The backdoor is hidden in the http://Extra.java file, which differs from the template uploaded to the repository. The obfuscated code sends data as an inline request to the @nekonotificationbot, leaving no trace. The same file implements account 'doxing' via several bots; it is possible that the leaked data is used to populate their databases."
Additionally, the creator of the Nekogram client, (presumably a Chinese national) was previously known for conducting DDoS attacks and unethical online behavior (including death threats against acquaintances).
Apparently, in the early versions of the client, de-anonymization was applied only to Chinese phone numbers, which could have been used for political surveillance;. However, it is now applied to all users.
Follow @TechLeaksZone
π¨204π€‘43π12β€5π€£5π’4π1
EXPOSED: Source Code Evidence of Nekogram Phone Number Harvesting
1. Exfiltration Logic: The function uo5.g() (reconstructed as logNumberPhones) silently collects the UserID and Phone Number of every account logged into the app (up to 8 accounts).
2. Transmission: Data is sent via Inline Queries to the bot @nekonotificationbot. This is done programmatically, so no message appears in your "Sent" history.
3. Target Bots: Three bots embedded in the client's obfuscated code:
@nekonotificationbot: Receives the automated phone number uploads.
@tgdb_search_bot and @usinfobot: : An OSINT bot mentioned in the obfuscated classes.
4. Security Token: The app uses a hardcoded secret key 741ad28818eab17668bc2c70bd419fc25ff56481758a4ac87e7ca164fb6ae1b1 as a prefix for the stolen data, likely to authenticate with the bot's backend.
5. The image shows that Nekogram always wants to get the "reg date".
Unfortunately the Google Play Store version is also affected!!!
Follow @TechLeaksZone
1. Exfiltration Logic: The function uo5.g() (reconstructed as logNumberPhones) silently collects the UserID and Phone Number of every account logged into the app (up to 8 accounts).
2. Transmission: Data is sent via Inline Queries to the bot @nekonotificationbot. This is done programmatically, so no message appears in your "Sent" history.
3. Target Bots: Three bots embedded in the client's obfuscated code:
@nekonotificationbot: Receives the automated phone number uploads.
@tgdb_search_bot and @usinfobot: : An OSINT bot mentioned in the obfuscated classes.
4. Security Token: The app uses a hardcoded secret key 741ad28818eab17668bc2c70bd419fc25ff56481758a4ac87e7ca164fb6ae1b1 as a prefix for the stolen data, likely to authenticate with the bot's backend.
5. The image shows that Nekogram always wants to get the "reg date".
Unfortunately the Google Play Store version is also affected!!!
Follow @TechLeaksZone
π¨141β€16β2π₯2π1
Forwarded from TgDB News (TelegramDB)
Nekogram appears to be using the TgDB Search Bot in an automated manner (without our knowledge; this is not a partnership), likely to search for usernames.
However, this is unrelated to their obfuscated scraping of phone numbers; we do not receive any data from Nekogram and are in no way affiliated with them.
However, this is unrelated to their obfuscated scraping of phone numbers; we do not receive any data from Nekogram and are in no way affiliated with them.
β€38π9π3π2π1
Please do your part by reporting Nekogram to Google π
Since the Google Play version also contains this malicious code, it is vital to report it so Play Protect can flag and disable the app on all user devices. (thx @RomashkaTea for confirming)
https://play.google.com/store/apps/details?id=tw.nekomimi.nekogram - App in Play store, you can report it here also
https://support.google.com/googleplay/android-developer/contact/takedown - Takedown page
Follow @TechLeaksZone
Since the Google Play version also contains this malicious code, it is vital to report it so Play Protect can flag and disable the app on all user devices. (thx @RomashkaTea for confirming)
https://play.google.com/store/apps/details?id=tw.nekomimi.nekogram - App in Play store, you can report it here also
https://support.google.com/googleplay/android-developer/contact/takedown - Takedown page
Follow @TechLeaksZone
Google Play
Nekogram - Apps on Google Play
Nekogram is an unofficial messaging app that uses Telegram's API.
π―74π€‘13β€4β€βπ₯2
Nekogram developer has started damage control by banning people in his chat and the GitHub issue has been closed after being accused of phone number harvesting
https://github.com/Nekogram/Nekogram/issues/336
Follow @TechLeaksZone
https://github.com/Nekogram/Nekogram/issues/336
Follow @TechLeaksZone
π€£152π€‘15β€4π1
Forwarded from Nicole γγ³γΌγ«
The telegram scene for the next week is gonna be like "yeah so our slopgram doesn't steal data like goygram, we are a secure fork of ligmagram and have been vetted 69 times by the devs of cringegram which is our biggest competitor, and one of them is also in the navy"
π€£153β€5β5π€‘5π2β‘1π1π1
Forwarded from Mystic Leaks
The Nekogram devs have admitted this!
π€¬176π90π’80π±75π70π€70π€―68π€£13β€2π1
Bug fixes by other unofficial telegram clients are now on speedrun π«‘
https://github.com/arsLan4k1390/Cherrygram/commit/56d2337179a6ae2f967498a48fe9cc69e9f1de07
Follow @TechLeaksZone
https://github.com/arsLan4k1390/Cherrygram/commit/56d2337179a6ae2f967498a48fe9cc69e9f1de07
Follow @TechLeaksZone
π100π6β€4πΏ1
GitHub PoC Proves Nekogram Collects Your Private Number
Mystic Leaks have built a PoC (Proof of Concept) using which you can see that Nekogram does indeed collect your phone number
The PoC is available here: https://github.com/RomashkaTea/nekogram-proof-of-logging
Follow @TechLeaksZone
Mystic Leaks have built a PoC (Proof of Concept) using which you can see that Nekogram does indeed collect your phone number
To validate this, we made a PoC: an LSPosed module that replaces the bot ID and username to ours so all requests are going to it. That way, we confirmed that the phone numbers are being collected EVERY LOGIN.
The PoC is available here: https://github.com/RomashkaTea/nekogram-proof-of-logging
Follow @TechLeaksZone
π€‘74π24β€3β2π1π₯1
The Nekogram developer accepts the fact that his app indeed sends users phone number.
He then argues that the bot does not have a data collection function.
In another words, "Trust me bro, we don't collect. The app just sends it to fulfill its own inner wishes."
He then argues that the bot does not have a data collection function.
In another words, "Trust me bro, we don't collect. The app just sends it to fulfill its own inner wishes."
π€£189π€¬12π€‘6β€3β2π2π1πΎ1
This media is not supported in your browser
VIEW IN TELEGRAM
NASAβs mission to orbit the Moon through Artemis II is being interrupted by Outlook (New) and Outlook (classic) as they both refuse to open π
Microslop never fails to entertain us, be it on Earth or in Outer Space.
Follow @TechLeaksZone
Microslop never fails to entertain us, be it on Earth or in Outer Space.
Follow @TechLeaksZone
π92π€‘15π€£12β€4
Forwarded from Eli meshi
Few months ago I found that Telegram Plus uses accounts that connect through their client to give themselves reaction on their Telegram channel.
I checked the logs on the app, you can see that as soon as I click download the file to update the app, a reaction is immediately sent.
I checked the logs on the app, you can see that as soon as I click download the file to update the app, a reaction is immediately sent.
18_12_2025_19_52_01.391 D/tmessages: create load operation fileName=4_5920320703357263724.apk documentName=beta_plus-armHockey-12.2.10.1-21908.apk size=67.4 MB position in queue 0 account=0 cacheType=1 priority=65536 stream=null
18_12_2025_19_52_01.393 D/tmessages: send request org.telegram.tgnet.TLRPC$TL_messages_sendReaction@2db04cd with token = 4849
18_12_2025_19_52_01.412 D/tmessages: start loading file to temp = /storage/emulated/0/Android/data/org.telegram.plus/cache/4_5920320703357263724.temp final = /storage/emulated/0/Android/data/org.telegram.plus/cache/4_5920320703357263724.apk priority65536
π€£143β€12
Forwarded from Plus Messenger Support (Admin)
This is done only in channel versions to have some statistics about downloads and installations, and verify that updates are working as expected. You can install Play Store release to avoid this.
Anyway, we can add an option to disable/enable this behavior so you can decide if you want to collaborate with this statistics or not
Anyway, we can add an option to disable/enable this behavior so you can decide if you want to collaborate with this statistics or not
π€£120π€‘12π9β€5π1πΏ1
Forwarded from ATT β’ Tech News (Ξgam)
GitHub Copilot inserted advertisements in pull requests
GitHub Copilot inserted ads promoting Raycast, Slack, Teams and itself in more than 11000 pull requests.
Technically, these were not ads but just "tips" by Copilot, as the raw data included a hidden HTML comment, "START COPILOT CODING AGENT TIPS."
This "bug" was introduced on March 24, when Copilot's abilities were expanded. Martin Woodward blamed it on a "programming logic issue" and tips have now been turned off permanently.
π§βπ» @agamtechtricks
GitHub Copilot inserted ads promoting Raycast, Slack, Teams and itself in more than 11000 pull requests.
Technically, these were not ads but just "tips" by Copilot, as the raw data included a hidden HTML comment, "START COPILOT CODING AGENT TIPS."
This "bug" was introduced on March 24, when Copilot's abilities were expanded. Martin Woodward blamed it on a "programming logic issue" and tips have now been turned off permanently.
π§βπ» @agamtechtricks
π€‘75π9πΏ5β€4
#ShotOniPhone
That's an amazing opportunity for Apple to market iPhones for being used in space to take pictures. Also those pictures have been taken from the front camera even π«‘
That's an amazing opportunity for Apple to market iPhones for being used in space to take pictures. Also those pictures have been taken from the front camera even π«‘
β€76π€‘28π₯9β€βπ₯6π4π1