Security company Trend Micro detected spyware disguised as legitimate Android applications. The malicious software, called MobSTSPY, was designed to collect information from users. It was first found in a game called Flappy Birr Dog, a copy of the game Flappy Bird featuring a flying dog. According to the company, some of the apps had more than 100,000 downloads in the Google app store and affected people in 196 countries. Brazil appears as the sixth most affected country (3.26% of users) and the first outside the Asian continent, behind India (31.77%), Russia (7.56%), Pakistan (4.81%), Bangladesh (4.71%) and Indonesia (3.42%).
The malicious tool was also discovered in other apps, such as FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird, which may have increased the number of users affected. According to the security company, five out of six of these apps have been suspended on Google Play since February 2018 and have now all been permanently removed from the official store.
Also according to Trend Micro, the malware is able to access information such as the user's location, SMS conversations, call logs and clipboard items. "It uses Firebase Cloud Messaging to send information to the server. As soon as the malicious application is started, the malware will first check the device's network availability. Then it reads and parses an XML configuration file from its C&C server," explains the report published by the company.
The spyware is also able to capture data through phishing, displaying fake Facebook and Google pop-ups that ask victims to enter their login credentials. If they did, the malicious program reported that the login had not been successful. By that point the submitted credentials had already been stolen.
Trend Micro's director of strategic security, Bharat Mistry, said it is possible that the programs were uploaded to Google Play without the malicious code active, but only with the infrastructure necessary for the attack. "After the app gains some credibility and has a good distribution of users, the app's developer issued an update that activated the malicious features," he explained.
Mistry also said that Google is more rigorous when admitting new apps, but that after a sequence of updates showing an app is not malicious, this level of verification may become less rigid. Cybercriminals could take advantage of this gap in the store's review process to carry out their attacks.
Google has tried to improve its application approval process to avoid this type of problem. The company releases quarterly security reports (https://transparencyreport.google.com/android-security/overview) and removes harmful apps through Google Play Protect.