MobSTSPY spyware detected in fake Android apps on Google Play

The year 2018 for Google, among other things, was to address the problem of malware-infested Android games and applications on its Play Store. The company valiantly tried tackling spying software, despite so, spyware is still penetrating the digital world of trading. Once more Google Play has been targeted with spyware in the guise of Android apps while a few of them got downloaded in over 100,000 attempts globally the past year.

Trend Micro the security company found the Play containing one clone of Flappy Bird along with other phony applications which contain the freshly detected spyware dubbed ANDROIDOS_MOBSTSPY. Some other applications namely HZPermis Pro Arabe, Flappy Birr Dog, FlashLight, Win7Launcher and Win7imulator were found carrying the same malicious software while on Play.

The malicious software is designed for tapping SMS conversations, call logs, files, contact lists as well as capturing and uploading contents from the smart-phone provided appropriate commands are issued even as the malware utilizes Firebase Cloud Messaging for dispatching data onto its remote server. Soon as an online connection sets for the contaminated applications, they begin intercepting confidential data following the download of certain file which's XML configured. This XML configured file actually comes from the C&C server after attackers manage spotting an exploitable phone. Thereafter, the applications start garnering data from the target device to dispatch the same onto their controllers.

MobSTSPY is further capable of garnering additional information by carrying out phishing assaults that masquerade as Google or Facebook pop-ups for credential requests so it can steal the victimized end-users' account particulars. Researchers from Trend Micro state the current instance is interesting in the sheer distribution of its fake apps. According to them, through their exhaustive research and back-end monitoring, they could observe the overall number of impacted end-users only to find they were from some 196 nations. www.scmagazine.com posted this, January 3, 2019.

As of date Google has removed each and every of the malware-infected applications from its Play Store. However still, these applications continue to be there on intermediate Android application stores while end-users enticed with the pledged custom changes/games are even now prone to be infected with MobSTSPY.

» SPAMfighter News - 1/9/2019