From the Google Play catalog
The program provides the basic functions for messaging, but also silently runs several auto-started background services on the device that send requests to the control server to download and display the content of malicious and fraudulent sites in the browser. It is assumed that the code of the official open Telegram client was used as the basis for MobonoGram, which was supplemented with malicious functionality and published under a different name. Malicious activity was mainly limited to displaying messages about imaginary winnings and fraudulent offers, outside the context of the MobonoGram application and even when it was not formally launched (malicious services were launched automatically after the device was loaded).
Source: opennet.ru