
Android Spyware - ANDROIDOS_MOBSTSPY

 

Systems Affected


Android systems

Threat Level


High


Overview


Spyware disguised as legitimate Android applications has made its way into the Google Play store to gather information from users. Some of the malicious apps were downloaded more than 100,000 times by users across the globe last year.


Description


Detected as ANDROIDOS_MOBSTSPY and dubbed MobSTSPY, the malware initially grabbed researchers' attention when it was disguised as an app called Flappy Birr Dog. Upon further investigation, researchers found the spyware was also hidden in other applications, including:
  ✦   FlashLight
  ✦   HZPermis Pro Arabe
  ✦   Win7imulator
  ✦   Win7Launcher
  ✦   Flappy Bird
As of now, Google has removed all the identified applications from the Play Store, but it is still unclear whether the more than 100,000 users who downloaded these applications onto their devices are safe from the malware.


Impact


Once an app carrying MOBSTSPY is downloaded onto a user's phone, the app can be used to steal information such as user location, SMS conversations, call logs and clipboard items. Even data from platforms like WhatsApp, Snapchat, and Facebook is not safe from this spyware. MOBSTSPY uses Firebase Cloud Messaging to send information to its server. That same server can instruct the malware to gather data, which could include downloading files located on the Android device, and to conduct a phishing campaign by displaying fake Google and Facebook pop-up ads that encourage the victim to give up credentials.


Solution/Workarounds


If you have already downloaded any of these applications from the Google Play Store, it is recommended that you uninstall the app and install antivirus software to clean the malware from your device.
To prevent infections from similar malware, install a comprehensive cyber-security solution to defend your mobile devices against mobile malware, and pay extra attention when downloading apps onto your devices.
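
As a way to apply that extra attention on a device you manage, the following added example (not part of the original advisory) flags installed apps whose requested permissions cover several of the data categories listed under Impact. The permission mapping, the threshold of two categories and the sample text shaped like `adb shell dumpsys package` output are assumptions of this example.

```python
import re

# Data categories the advisory lists, mapped to the Android permissions that
# gate them (this example's mapping; clipboard access has no permission).
RISKY = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s+(android\.permission\.[A-Z_]+)")


def parse_dumpsys(text):
    """Return {package: set(permissions)} from `dumpsys package` style text."""
    apps, current = {}, None
    for line in text.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = pkg.group(1)
            apps.setdefault(current, set())
        elif perm and current:
            apps[current].add(perm.group(1))
    return apps


def flag_apps(apps, min_categories=2):
    """Return {package: sorted categories} for apps touching >= min_categories."""
    hits = {pkg: sorted(c for c, wanted in RISKY.items() if perms & wanted)
            for pkg, perms in apps.items()}
    return {pkg: cats for pkg, cats in hits.items() if len(cats) >= min_categories}


# Constructed sample (hypothetical package names), not output from a real device.
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
  requested permissions:
    android.permission.READ_SMS
    android.permission.READ_CALL_LOG
    android.permission.ACCESS_FINE_LOCATION
Package [com.example.notes] (4d5e6f):
  requested permissions:
    android.permission.INTERNET
"""

if __name__ == "__main__":
    for pkg, cats in flag_apps(parse_dumpsys(SAMPLE)).items():
        print(f"{pkg}: requests access to {', '.join(cats)}")
```

A flagged app is a candidate for manual review, not a confirmed infection; many legitimate apps request these permissions.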


References


https://www.cert-in.org.in/
https://blog.trendmicro.com/trendlabs-security-intelligence/spyware-disguises-as-android-applications-on-google-play/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.