Systems Affected

Android systems

Threat Level



Spyware disguised as legitimate Android applications made its way into the Google Play store to gather information from users, with some of the malicious apps being downloaded more than 100,000 times by users across the globe last year.


Detected as ANDROIDOS_MOBSTSPY and dubbed MobSTSPY, the malware initially caught researchers' attention when it was disguised as an app called Flappy Birr Dog. Upon further investigation, researchers found the spyware was also hidden in other applications, including:
  ✦   FlashLight
  ✦   HZPermis Pro Arabe
  ✦   Win7imulator
  ✦   Win7Launcher
  ✦   Flappy Bird
Google has since removed all the identified applications from the Play Store, but it is still unclear whether the more than 100,000 users who downloaded these applications onto their devices are safe from the malware.


Once an app carrying MobSTSPY is installed on a user's phone, it can be used to steal information such as the user's location, SMS conversations, call logs and clipboard items. Even data from platforms like WhatsApp, Snapchat, and Facebook is not safe from this spyware. MobSTSPY uses Firebase Cloud Messaging to send information to its server. That same server can instruct the spyware to gather further data, which could include downloading files located on the Android device, and to conduct a phishing campaign by displaying fake Google and Facebook pop-up ads that encourage the victim to give up credentials.

Solution/ Workarounds

If you have already downloaded any of these applications from the Google Play Store, it is recommended that you uninstall the app and install antivirus software to remove the malware.
To prevent infections from similar malware, install a comprehensive cyber-security solution to defend your mobile devices against mobile malware, and pay extra attention when downloading apps onto your devices.
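
One way to "pay extra attention" to an app is to check whether it requests access to the same kinds of data this advisory lists (location, SMS, call logs, files). The script below is an added example, not part of the original advisory. It assumes the app's permission list is available as text in the style printed by `aapt dump permissions`; the package names, sample input and two-category threshold are constructed for illustration.

```python
import re

# Data categories the advisory says MobSTSPY collects, mapped to the Android
# permissions that gate them. Clipboard reads are not gated by a manifest
# permission, so they cannot be checked this way.
SENSITIVE = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "files": {"android.permission.READ_EXTERNAL_STORAGE"},
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?: (?:name=')?([\w.]+)", re.M)
PKG_RE = re.compile(r"^package: (\S+)", re.M)

def parse_permissions(aapt_output):
    """Return (package name or None, set of requested permissions)."""
    pkg = PKG_RE.search(aapt_output)
    return (pkg.group(1) if pkg else None, set(PERM_RE.findall(aapt_output)))

def audit(aapt_output, threshold=2):
    """Flag an app requesting permissions in >= threshold data categories."""
    package, perms = parse_permissions(aapt_output)
    hits = sorted(cat for cat, names in SENSITIVE.items() if names & perms)
    return {"package": package, "categories": hits,
            "flag": len(hits) >= threshold}

# Constructed sample input: a hypothetical game and a hypothetical flashlight.
SAMPLE_GAME = """package: com.example.birdgame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""
SAMPLE_TORCH = """package: com.example.torch
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
"""

if __name__ == "__main__":
    for sample in (SAMPLE_GAME, SAMPLE_TORCH):
        print(audit(sample))
```

A flag here is a prompt for closer review, not proof of infection: a game or flashlight app has little reason to read SMS and call logs, while a messaging app may request them legitimately.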



The information provided herein is on "as is" basis, without warranty of any kind.


© Copyright Sri Lanka CERT|CC. All Rights Reserved.