Symantec security researchers have discovered new malware disguised as a legitimate application. The app claims to be an unofficial version of Telegram, but it pushes malicious sites in the background. The app, called “MobonoGram 2019,” uses Telegram’s open-source code, with malicious code embedded before it was released to the Google Play Store. An infected device is used to spread the “Android.Fakeyouwon” malware and receives malicious URLs to load from the command and control server. The vast majority of MobonoGram’s targeted users are in Iran and Russia, as well as the United States.
It is unclear how long MobonoGram 2019 has existed, how long it was available, or how much harm it has done. But the app racked up more than 100,000 downloads, and the developer Recently, in April and last year, Google released a report saying that there were nearly 100 malicious applications with a total download volume of more than 30 million, such as a simple flashlight application that was downloaded more than a million times.
Google has been using Google Play Protect as a safeguard against potentially harmful applications that use high-profile applications and spyware to trick users into clicking on downloads and then push ads onto mobile phones for profit. Because of the openness of the Android platform, there are always some gaps in the Google Play Store app review mechanism: although Google removed more than 700,000 applications last year alone, weaknesses in the review process have repeatedly allowed malicious applications onto the store.
Google still emphasizes that it’s much safer for users to install apps only from the Google Play Store.