100 thousand users installed an unofficial malicious version of Telegram

by Brendan Smith
February 16, 2021
fake telegram
Written by Brendan Smith

Symantec experts found in Google Play MobonoGram 2019 – an application positioned as an unofficial version of Telegram with a large set of functions.

More than 100 thousand users downloaded it from the official Google Play store. In fact, the application not only could not offer advanced features of the messenger, but also promoted malicious sites.

In MobonoGram 2019, was used a code of the legitimate Telegram version, to which were added several scripts, working invisibly to the user. The scripts that were responsible for downloading the malicious URLs received from the C&C command server.

By the time researchers found an undesirable application, the developer of RamKal Developers had time to release five updates in the Android app store.

MobonoGram 2019 application was offered to download to users from those countries where the Telegram messenger (Russia, Iran and so on) is prohibited.

MobonoGram 2019

The MobonoGram 2019 app’s UI has a similar look and feel to the official Telegram

Installed on the device, the application always started with the start of the operating system. After launching, MobonoGram 2019 requested from the command server a list of URLs for the visits on the infected device.

According to a Symantec report, malicious links were different each time, depending on the user’s geographic location. On the pages of such sites usually appeared fishing scheme, claiming that the user has won Samsung s10 smartphone.

“Such code structure is usually hard to spot via static code analysis, making it extremely easy for the attacker to sneak its way into Google Play. Additionally, these attacks can become really nasty quickly as it can load and execute any dynamic malicious contents that are sent by the server”, — report Symantec specialists.

RamKal Developers were noted not in relation to this application, experts also stumbled upon another program – Whatsgram, which had similar behavior.

Researchers find it difficult to say how long the unwanted application has been on the Google Play Store site.

How to mitigate?

  • Keep your software up to date.
  • Do not download apps from unfamiliar sites.
  • Only install apps from trusted sources.
  • Pay close attention to the permissions requested by apps.
  • Install a suitable mobile security app to protect your device and data.
  • Make frequent backups of important data.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

View all posts

Leave a Reply

Sending