MobSTSPY Info-Stealing Trojan Goes Global Via Google Play

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
An Android spyware dubbed MobSTSPY has managed to ride trojanized apps to a widespread, global distribution, mainly via Google Play.

The malware masquerades as a legitimate application purporting to be things like flashlights, games and work productivity tools. While it’s not uncommon to come across weaponized fare in third-party app stores, MobSTSPY is notable for having managed to also infiltrate Google Play with at least six different apps over the course of 2018.

“Part of what makes this case interesting is how widely its applications have been distributed,” said Trend Micro researchers Ecular Xu and Grey Guo, in a posting on Thursday. “Through our back-end monitoring and deep research, we were able to see the general distribution of affected users and found that they hailed from a total of 196 different countries.”

These run the gamut from Mozambique to Poland, Iran to Vietnam, Algeria to Thailand, Germany to Iraq and so on.

The Google Play apps specifically were Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird, all of which appeared last year and are now gone from the store. Some were downloaded more than 100,000 times by users from all over the world.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top