Security researchers at Trend Micro discovered spyware called 'ANDROIDOS_MOBSTSPY’ which is configured to steal users’ data from their smartphones. Reportedly, people from around 200 countries fall prey to it and the majority of them were Indian natives.
Before being flagged on Google Play store, the spyware has been downloaded for at least 100,000 times by Android users after it invaded the store via six apps. The data which the spyware can potentially compromise includes the WhatsApp data of the users.
Modus- operandi; how do these apps steal data?
The spyware disguised itself as gaming and other applications available on the store and enticed users into downloading and installing the cloned apps. Once the infected app was installed and launched, it was exploited to steal user information. The spyware looked for an active internet connection and as soon as it detected one, it advanced to establish a connection with its command server.
After securing a connection, it transferred key device information such as manufacturer, language and registered country. Following which, it registered the device with its server that allowed the criminals to be in control and steal information from the targeted device, remotely. The data that was put to risk included call logs, media, personal texts and contact details stored on the device.
Besides, the users' data linked to various social media platforms such as Snapchat, Facebook and WhatsApp was also jeopardized. The aforementioned conclusion was drawn by the researchers after a scrupulous examination.
Flappy Bird’s faulty clone named ‘Flappy Birr Dog’, HZPermis Pro Arabe, Win7imulator, Win7Launcher, and FlashLight are some of the applications under suspicion. Notably, Google has taken down all the six malicious apps but there’s no certainty of data not being stolen as the apps were already downloaded for over 100,000 times.
