An Android Spyware disguised as games & utilities struck more than 100,000 victims in 196 countries before being taken out of Google Play. Detected as ANDROIDOS_MOBSTSPY & dubbed MobSTSPY, the malware initially grabbed attention when it was masqueraded as a called Flappy Birr Dog.
While it is common to find unarmed goods in third party app stores, MobSTSPY managed to infiltrate the authentic & reliable App Store i.e. Google Play with at least six different apps in 2018. These apps include:
These apps pose as legitimate & claim to be torches, games & tools for productivity. Some of these have seen 10,000 download from users around the world. Though malware invasion in devices is common, but what makes this case more interesting is the widespread distribution of its applications.
Among the countries where the malware is scattered include Poland, Mozambique, Thailand Iran, Mexico, Tanzania, Vietnam, Algeria, Romania, Cambodia, Italy, Morocco, Malaysia, Kazakhstan, Germany, Iraq, Sri Lanka, Philippines, Argentina, Belarus, Saudi Arabia, the United Republic of Hungary & South Africa.
Unlike the undistinguished spyware, Mobstspy is scripted to embezzle wider range of data on the compromised devices. To evade detection and to build a strong base the malware after infiltration first detects the device’s network availability. It then reads and parses an XML configure file from its C&C (command and control server) hence registering the device.
It is observed that the malware leveraged Firebase Cloud Messaging (FCM) to communicate with the C&C server & depending on the command received it steals & transfers the data to the threat actors.
The threat behavior of Mobstspy can be categorized into two:
The popularity of apps serves as an incentive for cyber-criminals to continue developing campaigns that use them to steal information or carry out other types of attacks.
Protecting the accounts with two-factor authentication feature is therefore deemed vital to avoid unforeseen circumstances.
Google’s ecosystem may be increasingly safe. Thanks to the constant improvements in Google’s implementation of device & software resources. However, this doesn’t imply that chances of downloading an infected app are nil. Irrespective of the stringent safety measures adopted, it is still possible for your phone to become infected with malicious software.
It’s not hard to tell if your device is infected with nasty system program.
Dodgy apps, often promising free work software, cheat codes, porn, new games or money are an increasingly common method of getting malware onto your mobile devices where they wreck havoc & steal data.
The vigilance of users is therefore deemed vital to defend devices against malware attack. Updating software and going through user reviews & star rating is of utmost importance before downloading any application.
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.