Japan-based IT security company Trend Micro has claimed that it has discovered spyware on the Google Play Store that has been stealing users’ personal information. The firm says that some of the spyware apps have been downloaded over 100,000 times, and claims that India is the most affected country in the world. The spyware (detected as ANDROIDOS_MOBSTSPY) disguised itself as legitimate Android applications, and these apps were available for download on Google Play in 2018.
According to Ecular Xu and Grey Guo from Trend Micro, “One of the applications that was initially investigated was the game called Flappy Birr Dog. Other applications included FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird.” All the reported apps have now been removed from Google Play. The MobSTSPY spyware is capable of stealing information such as user location, SMS conversations, call logs and clipboard items.
Trend Micro says that MobSTSPY uses Firebase Cloud Messaging to send information to its server. Once the malicious application is launched, the malware will first check the device’s network availability. “It then reads and parses an XML configure file from its C&C server. The malware will then collect certain device information such as the language used, its registered country, package name, device manufacturer etc,” the firm claimed.
In addition to its information-stealing capabilities, the spyware can also gather additional credentials through a phishing attack. It is capable of displaying fake Facebook and Google pop-ups to phish for the user’s account details. If the user enters their credentials, the fake pop-up will only state that the log-in was unsuccessful. By then, the malware has already stolen the user’s credentials.
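As an added example (not Trend Micro's tooling and not code from the report), the Python check below flags an app whose manifest requests access to the data types listed above when its store category gives no reason for it. It assumes the APK's AndroidManifest.xml has already been decoded to text XML; the category policy, package names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted APKs, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest permissions guarding the data types the article lists.
# Clipboard access has no manifest permission, so it cannot be seen here.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS conversations",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}

# Assumed reviewer policy (hypothetical): data each store category may justify.
EXPECTED = {"flashlight": set(), "game": set(), "navigation": {"location"}}


def audit_manifest(manifest_xml, category):
    """Return (package, data types requested beyond what the category justifies)."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name in SENSITIVE:
                requested.add(SENSITIVE[name])
    # Unknown categories get no allowance, so every sensitive type is reported.
    return root.get("package"), sorted(requested - EXPECTED.get(category, set()))


# Constructed sample manifests (not taken from the real apps).
SAMPLE_FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

SAMPLE_NAVIGATION = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.maps">
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for xml_text, category in ((SAMPLE_FLASHLIGHT, "flashlight"), (SAMPLE_NAVIGATION, "navigation")):
        package, unexpected = audit_manifest(xml_text, category)
        print(package, category, unexpected or "nothing unexpected")
```

A clean result here only means the manifest asks for nothing unexpected; the fake login pop-ups and clipboard collection described above would not show up in a permission list.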
Trend Micro says that its back-end monitoring and deep research showed the general distribution of affected users, who hailed from a total of 196 different countries. India tops the list with the largest number of affected users. Other affected countries include Russia, Pakistan, Bangladesh, Italy, Germany, and the US. Recently, Google removed 13 malware apps from the Play Store that had been installed over half a million times.