Fake Telegram App Covertly Pushes an Endless Stream of Malicious Sites

Fake Telegram App Covertly Pushes an Endless Stream of Malicious Sites

1 Star2 Stars3 Stars4 Stars5 Stars (1 stemmer, gennemsnit: 4.00 ud af 5)
Loading ...

A malicious app that advertised itself as an unofficial version of Telegram was downloaded more than 100,000 gange, reported Symantec security researchers.

The app is called MobonoGram 2019, and it claimed to provide more features than the official and other unofficial versions available to users. The app which was available in Google Play indeed provided some messaging functionality but its real purpose was to covertly run several services on the targeted device and load “an endless stream of malicious websites in the background".

More about MobonoGram 2019 ondsindet App

Som allerede nævnt, den MobonoGram 2019 app was available for download on Google Play and was downloaded more than 100,000 gange. It could be downloaded even in countries where Telegram is banned such as Iran and Russia as well as users in the United States.

The app also “allowed users to toggle between English or the Persian language (Farsi)". Tilsyneladende, the app developers utilized the open-source code of the legitimate Telegram app who injected their malicious code before publishing it on the Play store.

The developer of MobonoGram 2019 app is RamKal Developers. The researchers believe that the developers published at least five updates for the app on Google Play before it was taken down.

One of the notable things about the malicious app “inspired” by Telegram is its persistence mechanism which involved a class named Autostart (android.support.translations.english.autostart) implementing a broadcast receiver. The developers also made sure that this malicious service would run in the foreground because “a foreground service is rarely killed, even when memory is low". But even is the service is killed, it would still be able to execute itself indefinitely.

Relaterede: Ondsindet Android App stjæler penge fra PayPal, og det kan ikke stoppes

Når løb, the MobonoGram 2019 malicious app contacts its command and control servers to receive URLs to access from the compromised device, a browser user agent to conceal the origin of the request, as well as three JavaScript codes.

These URLs are set to change based on the geographical location of the device’s IP address. The three JavaScript codes are employed for click fraud. It should be noted that the clicking events were not seen in action, even though all JavaScript codes were indeed loaded. forskerne, dog, cannot entirely dismiss the possibility ofthe malware being used for click fraud or some other malicious end“, as noted in deres rapport.

This is not the first malicious app developed by the same group. Whatsgram is another example of the threat actors’ portfolio.


Milena Dimitrova

En inspireret forfatter og indhold leder, der har været med SensorsTechForum for 4 år. Nyder ’Mr. Robot’og frygt’1984’. Fokuseret på brugernes privatliv og malware udvikling, hun tror stærkt på en verden, hvor cybersikkerhed spiller en central rolle. Hvis almindelig sund fornuft giver ingen mening, hun vil være der til at tage noter. Disse noter senere kan blive til artikler!

Flere indlæg

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...