Symantec experts found in Google Play MobonoGram 2019 – an application positioned as an unofficial version of Telegram with a large set of functions.More than 100 thousand users downloaded it from the official Google Play store. In fact, the application not only could not offer advanced features of the messenger, but also promoted malicious sites.
In MobonoGram 2019, was used a code of the legitimate Telegram version, to which were added several scripts, working invisibly to the user. The scripts that were responsible for downloading the malicious URLs received from the C&C command server.
By the time researchers found an undesirable application, the developer of RamKal Developers had time to release five updates in the Android app store.
MobonoGram 2019 application was offered to download to users from those countries where the Telegram messenger (Russia, Iran and so on) is prohibited.
Installed on the device, the application always started with the start of the operating system. After launching, MobonoGram 2019 requested from the command server a list of URLs for the visits on the infected device.
According to a Symantec report, malicious links were different each time, depending on the user’s geographic location. On the pages of such sites usually appeared fishing scheme, claiming that the user has won Samsung s10 smartphone.
“Such code structure is usually hard to spot via static code analysis, making it extremely easy for the attacker to sneak its way into Google Play. Additionally, these attacks can become really nasty quickly as it can load and execute any dynamic malicious contents that are sent by the server”, — report Symantec specialists.
RamKal Developers were noted not in relation to this application, experts also stumbled upon another program – Whatsgram, which had similar behavior.
Researchers find it difficult to say how long the unwanted application has been on the Google Play Store site.
How to mitigate?
- Keep your software up to date.
- Do not download apps from unfamiliar sites.
- Only install apps from trusted sources.
- Pay close attention to the permissions requested by apps.
- Install a suitable mobile security app to protect your device and data.
- Make frequent backups of important data.
User Review( votes)