The 'Android.Fakeyouwon' Malware is a Trojan that disguises itself as a fork of the Telegram messaging application. Although it provides genuine messaging capabilities, it also conducts attacks related to exploiting the system for creating fraudulent ad traffic or redirecting users to harmful websites. Android users should uninstall the 'Android.Fakeyouwon' Malware with a trusted anti-malware service and clear their browser's cache immediately.
'You've Won' a Compromised Browser
A series of attacks is combining the popularity of Telegram with its legally-forbidden nature in countries like Iran for a potent infection strategy. This social engineering tactic uses a corruptedly-modified version of Telegram, MobonoGram 2019, and is infecting over ten thousand Android users' devices successfully. The result, the 'Android.Fakeyouwon' Malware, is a working instant messenger, but its legitimate functions are just a cover for other, illegal ones.
The 'Android.Fakeyouwon' Malware is another example of Google's Play Store's experiencing a security breach, although MobonoGram 2019's page is down as of mid-July. Since its code is partly from Telegram, MobonoGram 2019 offers the expected features of that application and caters to both English-speaking and Farsi (AKA Iranian) users. Sadly, the software also has a 'dark side' and uses multiple AddService exploits for keeping itself persistent.
The 'Android.Fakeyouwon' Malware's payload is finance-oriented and includes fake ad-clicking functionality. This feature simulates Web traffic for pay-per-click content. The application also has a browser-hijacking attack that can reroute surfers to unwanted and unsafe websites. The second of these features includes geographical filtering for sorting traffic to different sites, such as a fake gaming domain for a user in the Philippines or a pornography site for a user in Iran.
Preventing the Simplest of Fakeouts
The appeal of an 'alternative' version of forbidden software to dissidents against a local regime is understandable, but searching for unauthorized and unofficial variants of software comes with risks. The 'Android.Fakeyouwon' Malware's campaign demonstrates this fact well. The threat actor is, already, taking advantage of re-branding the same strategy with another Telegram tactic variant, Whatsgram.
Android users should avoid downloading software from third parties that may be compromised or harmful. This caution applies for any sources related to 'Ramkal Developers' – the company that's responsible for the 'Android.Fakeyouwon' Malware especially. Loading unwanted sites automatically is one of the 'Android.Fakeyouwon' Malware's most visible symptoms. However, it also can cause excessive battery usage and performance issues related to its advertising-clicking fraud.
Users no longer are in danger of downloading the MobonoGram 2019 variant of this Trojan, assuming that they avoid non-Google-endorsed application stores. Those who still require uninstalling the 'Android.Fakeyouwon' Malware by any brand name should use Android-compatible anti-malware solutions for their needs.
Advertising is big business for crooks, as well as anyone else. The 'Android.Fakeyouwon' Malware campaign shows the increasingly-savvy marketing that goes into forcing users into encountering these advertisements. One's selection of software is crucial, for those who're thinking of using messengers that their governments wouldn't consider kosher especially.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to 'Android.Fakeyouwon' Malware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.