India Tops The List Of Countries Affected By A Dangerous Android Malware: Study

Written By Tanmay Patange | Mumbai


  • Trend Micro discovered malicious spyware MobSTSPY collecting information from users
  • Some of these apps have already been downloaded over 100,000 times worldwide

Android users, beware! Folks over at cybersecurity firm Trend Micro discovered what appeared to be genuine apps on Google Play Store that were in reality malicious spyware, detected as ANDROIDOS_MOBSTSPY (dubbed MobSTSPY), collecting information from users. Some of these apps have already been downloaded over 100,000 times worldwide. As part of this discovery, Trend Micro investigated a game called Flappy Birr Dog, in addition to several other apps like FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird. At the time of writing, none of these apps is available to download on Google Play Store.

MobSTSPY threatens user privacy. Once installed on your phone, it can steal location data, call logs, SMS conversations and more. MobSTSPY uses Firebase Cloud Messaging to send all this stolen information to its server. MobSTSPY activates after the user launches the malicious app on their phone. It first checks the phone's network availability and then reads and parses an XML configuration file from its command-and-control (C&C) server.

It then goes on to steal certain device information such as its registered country, package name and device manufacturer, in addition to the user's email ID, user ID, location and so much more. Once the information is sent to the C&C server, the malware waits for further commands from the C&C server through Firebase Cloud Messaging. Depending on these commands, it can steal SMS conversations, contact lists, files, location, call logs etc.

The story doesn't end here. In addition to data stealing, MobSTSPY is also capable of carrying out phishing activities to collect sensitive information such as your credit card credentials. It can also display fake Facebook and Google pop-ups to trick users into sharing their account login details. Upon logging in through those fake pop-ups, users would receive a message saying their login was unsuccessful, which is to be expected since the pop-up was never the official login page in the first place. But the malware would steal your login credentials the first time you try to log in.

It has affected users from 196 countries with a majority of them (over 31 per cent) in India, followed by Russia (7.54 per cent), Pakistan (4.81 per cent), Bangladesh (4.71 per cent), Indonesia (3.42 per cent) and others.

Commenting on this study, this is what researchers at Trend Micro have to say:

"This case demonstrates that despite the prevalence and usefulness of apps, users must remain cautious when downloading them to their devices. The popularity of apps serves as an incentive for cybercriminals to continue developing campaigns that utilize them to steal information or perform other kinds of attacks. In addition, users can install a comprehensive cybersecurity solution to defend their mobile devices against mobile malware."