Spyware Android apps downloaded over 100,000 times from Google Play Store: Report

By Digit NewsDesk | Published 09 Jan 2019 15:31 IST
  • According to cybersecurity company Trend Micro, India is the most affected country with this spyware, which is stealing users’ personal information.

Spyware Android apps downloaded over 100,000 times from Google Play Store: Report
Spyware Android apps downloaded over 100,000 times from Google Play Store: Report


  • Trend Micro claims to find spyware on Google Play Store.
  • Some of them have nearly 100,000 downloads.
  • India has most affected users in the world.

Japan-based IT security company Trend Micro has claimed that it has discovered spyware on Google Play Store that has been stealing users’ personal information. The firm says that some spyware apps have been downloaded over 100,000 times by users, and claims that India is the most affected country in the world. The spyware (detected as ANDROIDOS_MOBSTSPY) disguised itself as legitimate Android applications and these apps were available for download on Google Play in 2018.

As per Ecular Xu and Grey Guo from Trend Micro, “One of the applications that was initially investigated was the game called Flappy Birr Dog. Other applications included FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird.” All the reported apps have been removed from Google Play now. The spyware MobSTSPY is capable of stealing information like user location, SMS conversations, call logs and clipboard items.

Trend Micro says that MobSTSPY uses Firebase Cloud Messaging to send information to its server. Once the malicious application is launched, the malware will first check the device’s network availability. “It then reads and parses an XML configure file from its C&C server. The malware will then collect certain device information such as the language used, its registered country, package name, device manufacturer etc,” the firm claimed.

In addition to its information-stealing capabilities, the spyware can also gather additional credentials through a phishing attack. It is capable of displaying fake Facebook and Google pop-ups to phish for the user’s account details. If the user inputs his/her credentials, the fake pop-up will only state that the log-in was unsuccessful. By this time, the malware would already have stolen the user’s credentials.

Trend Micro says that its back-end monitoring and deep research was able to see the general distribution of affected users and found that they hailed from a total of 196 different countries. India tops the list with the most number of affected users. Other countries which are affected include Russia, Pakistan, Bangladesh, Italy, Germany, and the US. Recently, Google removed 13 malware apps from Play Store that were installed over half million times.

Related Read:

Quick Heal claims to discover fake apps on Google Play Store

Google removes massive trove of malware apps and shoddy reviews from Play Store

For more technology news, product reviews, sci-tech features and updates, keep reading Digit.in or head to our Google News page.

Digit NewsDesk
Digit NewsDesk

Email Email Digit NewsDesk

Follow Us Facebook Logo Facebook Logo Facebook Logo

About Me: Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. Read More