New research by Symantec has found a malicious app named MobonoGram 2019 (detected as Android.Fakeyouwon) advertising itself as an unofficial version of the Telegram messaging app. From January through May 2019, Symantec detected and blocked 1,235 infections related to the Android.Fakeyouwon malware family, with the highest number of infections located in the U.S., India, and the UAE.
While the app did provide basic messaging functionality, it also secretly ran services on the device without the user’s consent and loaded and browsed an endless stream of malicious websites in the background. The app was available on Google Play for a time and was downloaded more than 100,000 times before it was removed from the store.
Symantec has also released another piece of research which uncovers an exploit that could allow WhatsApp and Telegram media files to be exposed and manipulated by malicious actors. The security flaw, dubbed “Media File Jacking,” stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface.
If the security flaw is exploited, an attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. This threat is especially concerning given the perception that security mechanisms like end-to-end encryption render this new generation of IM apps immune to privacy risks.
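One way a receiving app could detect a change made in the gap between write and display, shown as an added example that is not from Symantec's research or from either app's code. The class and method names are hypothetical, the sample file contents are constructed, and the sketch assumes the digest table lives in app-private storage that other apps cannot modify.

```python
import hashlib
import hmac
import os
import tempfile


class MediaTamperedError(Exception):
    """The file on disk no longer matches the bytes the app received."""


class VerifiedMediaStore:
    def __init__(self, shared_dir):
        self.shared_dir = shared_dir
        self._digests = {}  # assumption: held in app-private storage

    def receive(self, name, data):
        """Record a digest of the received bytes, then write them to shared storage."""
        self._digests[name] = hashlib.sha256(data).digest()
        path = os.path.join(self.shared_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        return path

    def load_for_display(self, name):
        """Read the file once and return its bytes only if the digest still matches."""
        with open(os.path.join(self.shared_dir, name), "rb") as fh:
            data = fh.read()
        expected = self._digests.get(name)
        actual = hashlib.sha256(data).digest()
        if expected is None or not hmac.compare_digest(actual, expected):
            raise MediaTamperedError(name)
        return data  # render these verified bytes; a second read would reopen the gap


def demo():
    """Return (bytes loaded before any change, whether a later change was detected)."""
    with tempfile.TemporaryDirectory() as shared:
        store = VerifiedMediaStore(shared)
        path = store.receive("invoice.pdf", b"constructed sample: pay account A")
        untouched = store.load_for_display("invoice.pdf")
        # Constructed stand-in for another process rewriting the file after receipt.
        with open(path, "wb") as fh:
            fh.write(b"constructed sample: pay account B")
        try:
            store.load_for_display("invoice.pdf")
            return untouched, False
        except MediaTamperedError:
            return untouched, True


if __name__ == "__main__":
    print(demo())
```

The check only holds if the UI renders the bytes returned by `load_for_display`; handing the path to a viewer that reads the file again brings back the same window.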