
Android Nemesis Mobstspy Goes Global Via Google Play

By Author: Virus Removal Guidelines

Android spyware disguised as games & utilities struck more than 100,000 victims in 196 countries before being taken out of Google Play. Detected as ANDROIDOS_MOBSTSPY & dubbed MobSTSPY, the malware first drew attention when it masqueraded as a game called Flappy Birr Dog.

While it is common to find malicious apps in third-party app stores, MobSTSPY managed to infiltrate the official and trusted app store, Google Play, with at least six different apps in 2018. These apps include:

FlashLight
HZPermis Pro Arabe
Win7imulator
Win7Launcher
Flappy Bird
Flappy Birr Dog

These apps pose as legitimate software & claim to be torches, games & productivity tools. Some of these have seen 10,000 downloads from users around the world. Malware infections on devices are common, but what makes this case more interesting is how widely its applications were distributed.

The countries where the malware has spread include Poland, Mozambique, Thailand, Iran, Mexico, Tanzania, Vietnam, Algeria, Romania, Cambodia, Italy, Morocco, Malaysia, Kazakhstan, Germany, Iraq, Sri Lanka, Philippines, Argentina, Belarus, Saudi Arabia, the United Republic of Hungary & South Africa.

Threat Behavior of MobSTSPY
Unlike ordinary spyware, MobSTSPY is built to steal a wider range of data from compromised devices. To evade detection and establish a foothold, the malware first checks the device's network availability after it is installed. It then reads and parses an XML configuration file from its command and control (C&C) server, thereby registering the device.

The malware was observed using Firebase Cloud Messaging (FCM) to communicate with the C&C server. Depending on the command it receives, it steals data & transfers it to the threat actors.

The threat behavior of MobSTSPY falls into two categories:

Information Stealer: The malware harvests important user data such as user location, text messages, call logs, contact lists, clipboard items & downloaded files on Android devices. It also collects device information such as the registered country, language used, package name, device manufacturer & so on, to keep track of devices for future social engineering attacks. The collected information is sent to the C&C server via FCM.
Phishing Aspect: In addition to its info-stealing capabilities, the malware is built to steal credentials for prominent social networking sites by displaying phishing screens. For instance, forged Facebook and Google login screens are displayed to trick users into entering their credentials. When the user provides the username & password, the screen returns an unsuccessful login message, but the credentials have already been stolen.
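
The gap between what these apps claimed to be (torches, games) and the data they collected is something a reviewer can check from an app's manifest. The Python below is an added example, not part of the original article or any vendor's tooling; the permission mapping, the per-type baseline, the function names and the sample manifests are assumptions constructed for illustration, and it expects a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Data types named in the article, mapped to the Android permissions that
# guard them. The mapping is this example's assumption, not sample analysis.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "user location",
    "android.permission.ACCESS_COARSE_LOCATION": "user location",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contact lists",
    "android.permission.READ_EXTERNAL_STORAGE": "downloaded files",
}

# Assumed baseline: permissions each advertised app type plausibly needs.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA"},
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
}

def requested_permissions(manifest_xml):
    """Collect permission names from a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID + "name") for t in tags for el in root.iter(t)}
    return names - {None}

def triage(manifest_xml, advertised_type):
    """Return the sensitive data types reachable beyond the advertised purpose."""
    extra = requested_permissions(manifest_xml) - EXPECTED.get(advertised_type, set())
    return sorted({SENSITIVE[p] for p in extra if p in SENSITIVE})

def _manifest(package, perms):
    """Build a constructed sample manifest for the demo below."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}</manifest>')

# Constructed samples: a torch app that over-asks, and one that does not.
OVERREACHING_TORCH = _manifest("com.example.torch", [
    "android.permission.CAMERA", "android.permission.INTERNET",
    "android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS", "android.permission.ACCESS_FINE_LOCATION"])
PLAIN_TORCH = _manifest("com.example.plaintorch", ["android.permission.CAMERA"])

if __name__ == "__main__":
    print(triage(OVERREACHING_TORCH, "flashlight"))
    print(triage(PLAIN_TORCH, "flashlight"))
```

A non-empty result is a prompt for closer review rather than proof of malice, since legitimate apps sometimes request broad permissions.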

More About the Author

Virus Removal Guidelines is a web portal that is committed to offering you the best guides and removal tools for all your malware and virus infection issues. It is our desire to create awareness of the various threats that roam the World Wide Web. We want to ensure that we have a future where every user is guaranteed to have better portal security and an efficient browsing experience. http://www.virusremovalguidelines.com/
