Google had to deal with its fair share of infected Android apps and games in 2018, and despite the company’s efforts, spyware continues to creep into the digital marketplace. Trend Micro spotted a Flappy Bird clone on the Play Store amongst other fake apps that have the newly discovered ANDROIDOS_MOBSTSPY spyware built in.
Flappy Birr Dog, Flappy Bird, HZPermis Pro Arabe, Win7imulator, Win7Launcher, and FlashLight are apps that were spotted on the Play Store containing the same malware. Dubbed the MobSTSPY malware, the infected apps are capable of sharing private information like SMS conversations, clipboard data, call logs and even GPS data. the Firebase Cloud Messaging platform is used to send information to the attackers to their private server.
Users simply need to download the apps from the Play Store, and they automatically scan for Wi-Fi or cellular networks. Once the infected apps are connected to the internet, they start reading private data after downloading an XML configure file. The XML file is transferred from the command and control servers once attackers identify and exploitable device. The app(s) proceed to collect device data and send them to the attackers.
Other than the apps’ ability to steal user data, they also have phishing tools built-in. Fake Facebook and Google pop-ups replace legitimate ones, and once users enter their account details, they get sent to the attackers. It is currently unknown how many users have lost their Google or Facebook account details due to the phishing campaign but with over 100,000 downloads experienced by the apps as per Google Play Store data.
Users from over 196 countries were affected. India makes up for most of the affected users with over 31% downloads originating from the country. Russia, Pakistan, Bangladesh, and Indonesia make up the rest of the top five spots. Google has already been notified about the apps, and they have been taken down.
What do you think about the fake apps appearing on the Play Store? Let us know in the comments below. Check our socials on Facebook and Twitter for daily tech news.