Unofficial Telegram App Secretly Loads Infinite Malicious Sites

MobonoGram 2019 (detected as Android.Fakeyouwon) is advertising itself as an unofficial version of the Telegram messaging app and claiming to provide even more features than both the official and other unofficial versions in the market. While the app does provide basic messaging functionality, we found it was also secretly running a few services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background.

The app was available to mobile users even in regions that have banned Telegram, such as Iran and Russia, and was also downloadable by U.S. users. It allowed users to toggle between English or the Persian language (Farsi). The app seemed to have used the open-source code of the legitimate Telegram app. Its developers appeared to have injected their malicious code into the app before publishing it on the Play store.

The app was available on Google Play for a time and downloaded more than 100,000 times before it was removed from the store. The developer, RamKal Developers, is believed to have published at least five updates for the app on the Play store before it was taken down.

Read more at Symantec

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security