Google Play Store is the most secure and safest way to download apps for Android devices. It is now used by more than 2.5 million people & has millions of apps of every category, be it games, anti-virus tools or music.
It is important all the apps downloaded from Google Play Store are authentic and true to the best of Google’s knowledge, terms and conditions.
Still there are some apps that act as authentic apps but aren’t. These apps are hosted by malicious hackers who pretend to be legit app developers. Motive of such app developers is to make illicit profit by stealing user’s data.
However, a malicious app was observed by Trend Micro researchers which contained malware and is capable of stealing information dubbed as ‘MobsSTSPY’. Let us know some more about this Android malware.
How MobSTSPY Works?
This Android malware works as an information stealer, who could gather possibly everything from the device, such as, user location, SMS conversations, call logs, clipboard items, etc. For the purpose, this Android malware is using Firebase Cloud Messaging (FCM) for sending information stolen back to the server.
When users launch the malicious app, it first checks the device’s network availability. After which, it reads and analyses the configuration file from its C&C server.
Then it collects device information such as language used, registered country, package name, device manufacturer, etc. After collection information, it then sends back it to the dedicated C&C server, this process registers victim’s device on the network.
Once registered, Firebase Cloud Messaging is used to execute some commands based on which it steals SMS conversations, contact lists, files, and call logs. It can also steal and upload files from device storage.
With add-on to its information stealing capability, this Android malware can also be used to perform phishing attacks. It can gather credentials by displaying fake Facebook and Google pop-up to trap users for giving their account details. After user input the details, the pop-ups display message saying, Login was unsuccessful.
Currently, this Android malware is being distributed through bogus apps, imitating as some game app. Around 196 countries were infected with this Android malware.
How To Keep Your Android Device Safe From Spyware & Malware?
With this much cybercrime increasing, it becomes utmost important for every Android user to take some preventions for staying away from any kind of malware, spyware or other infections.
To stay safe and secure, we have enlisted some of the best practices here:
- Buy Android smartphones from legitimate and authentic retailers.
- Keep your phone locked when not in use.
- Use 2 factor authentication.
- Download & install apps only from Google Play Store.
- Encrypt your device data.
- Virtual Private Network – to keep safe on the network.
- Password managers are great for keeping strong passwords.
- Use anti-virus app or tool to stay away from spyware, malware and other online infections.
- Uninstall apps that are not in use. This will recover disk storage space as well.
- Keep your Internet connection disabled when not required.
The Android malware is reportedly distributed through apps on Google Play Store. Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird are some of the apps containing malware.
For now, these apps have been banned by Google. And as it is said that prevention is always better than cure, we recommended every Android user to use the above enlisted practices to keep your data and credentials safe from malware like MobSTSPY, an Android Malware that could leave your data exploited. Stay safe & secure folks!