MobonoGram 2019 (detected as Android.Fakeyouwon) is advertising itself as an unofficial version of the Telegram messaging app and claiming to provide even more features than both the official and other unofficial versions in the market. While the app does provide basic messaging functionality, we found it was also secretly running a few services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background.
The app was available to mobile users even in regions that have banned Telegram, such as Iran and Russia, and was also downloadable by U.S. users. It allowed users to toggle between English or the Persian language (Farsi). The app seemed to have used the open-source code of the legitimate Telegram app. Its developers appeared to have injected their malicious code into the app before publishing it on the Play store.
The app was available on Google Play for a time and downloaded more than 100,000 times before it was removed from the store. The developer, RamKal Developers, is believed to have published at least five updates for the app on the Play store before it was taken down.
