New Spyware Lurks In Google Play Store: Researchers From Trend Micro Found More Infected Apps

Security researchers from Trend Micro found various apps and games with spyware built in. These infected apps can steal user data and transfer it to attackers.

Google has been faced with a lot of infected Android apps and games in 2018, and despite the tech giant’s efforts, spyware keeps creeping into this digital marketplace.

Flappy Bird clone and more fake apps 

What Trend Micro has recently spotted was a Flappy Bird on the Play Store among other counterfeit apps.

These all had the newly discovered ANDROIDOS_MOBSTSPY spyware built in.

Flappy Birr Dog, Flappy Bird, HZPermis Pro Arabe, Win7imulator, Win7Launcher, and FlashLight – these are all apps that have been spotted on the Google Play Store which included the same malware dubbed the MobSTSPY malware.

The infected applications can share private data such as SMS conversations, call logs, clipboard data, and also GPS data which is pretty scary.

The Firebase Cloud Messaging platform is used to send data to the attackers’ private server.

How can users lose their data

All that uninformed users have to do in order to get burnt so to speak is to download the apps from the Play Store, and they will automatically start scanning for Wi-Fi or cellular networks.

After the infected apps are eventually connected to the Internet, they will start to read private data after they download an XML configuration file.

The XML file is then transferred from the command and control servers after the hackers find an exploitable device. The apps will then collect data and send it to the attackers.

Besides stealing user data, these apps can also come with phishing tools in them.

It seems that fake Facebook and Google pop-ups replace legit ones and after users enter their account details, these will go to the attackers. It’s unclear how many users have lost their Google and Facebook account details so far.

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *