Researchers have identified another piece of Android malware hidden in six different Android applications that were available for download on Google Play. The six applications are Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Five of these six applications have been removed from Google Play since February 2018.
However, these applications have been downloaded at least 100,000 times by users across 196 countries, with the largest share of victims in India. The affected countries include India, Russia, Pakistan, Bangladesh, Indonesia, Brazil, Egypt, Ukraine, Turkey, United States, Sri Lanka, Italy, Germany, Saudi Arabia, and more.
Mode Of Operation
Analysts from TrendMicro identified spyware named “ANDROIDOS_MOBSTSPY”, which is capable of stealing data such as user location, call logs, SMS conversations, and clipboard items. The malware uses Firebase Cloud Messaging (FCM) to send data to its C2 server.
- When the malicious application is installed and launched, the malware first checks the device’s network availability.
- The malware then reads and parses an XML configuration file from its C2 server.
- Next, the malware gathers device information, such as the language used, its registered country, package name, device manufacturer, and more.
- It then sends the gathered data to its C2 server.
- Once executed, the malware waits for and then performs the commands it receives from its C2 server via FCM.
- The malware can steal call logs, SMS conversations, contact lists, user location and so on, depending on the command it receives from its C2 server.
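For defenders triaging apps, one quick check is whether a simple game or flashlight app requests access to the data types listed above. The script below is an added example, not code from TrendMicro or from the malware: it audits a decoded AndroidManifest.xml, the permission mapping is an assumption (the article names no permissions), and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the data types the article lists to the standard
# Android permissions that guard them (the article itself names no permissions).
SENSITIVE = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "SMS": {"android.permission.READ_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
}

def audit_manifest(xml_text):
    """Return {category: sorted permissions} for sensitive data the app requests."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name")
                 for el in root.iter()
                 if el.tag in ("uses-permission", "uses-permission-sdk-23")}
    return {cat: sorted(perms & requested)
            for cat, perms in SENSITIVE.items() if perms & requested}

def needs_review(xml_text, threshold=2):
    """Flag an app that requests `threshold` or more sensitive data categories."""
    return len(audit_manifest(xml_text)) >= threshold

# Constructed sample manifests (not taken from any real app).
FLASHLIGHT_OK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

FLASHLIGHT_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for name, manifest in (("ok", FLASHLIGHT_OK), ("suspect", FLASHLIGHT_SUSPECT)):
        print(name, needs_review(manifest), audit_manifest(manifest))
```

A flagged app is a candidate for closer review, not a confirmed infection; clipboard access is not covered because older Android versions required no permission for it.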
Other Capabilities of the Malware
The malware’s capabilities include:
- Stealing and transferring files on the device.
- Stealing additional credentials through phishing attacks.
- Stealing user credentials by showing fake Facebook and Google pop-ups and display screens.
Most users won’t question the fake screens or pop-ups and are likely to fall prey to the attack. When users enter their username and password for the first time, the malware tells them that the sign-in was unsuccessful, but the login credentials have already been stolen by the malware.
Steps to take to secure your phone against malware:
- Install a good antivirus application on your device and make sure to update it regularly.
- Only install applications from the official Google Play Store and nowhere else.
- Never open links in emails or SMS text messages unless you are 100% sure that the emails and the text messages are authentic.
- Avoid visiting unfamiliar sites unless you know that they are safe to use. If you end up on a potentially dangerous site by accident, leave the page immediately without tapping on any links.
- Perhaps most important of all, make sure to back up your photos and other files to your preferred cloud backup service regularly. That way you’ll be able to recover your files if your device is ever hit by a successful ransomware attack or virus infection.