silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
- Content source
- https://threatpost.com/mobstspy-trojan-google-play/140534/
An Android spyware dubbed MobSTSPY has managed to ride trojanized apps to a widespread, global distribution, mainly via Google Play.
The malware masquerades as a legitimate application purporting to be things like flashlights, games and work productivity tools. While it’s not uncommon to come across weaponized fare in third-party app stores, MobSTSPY is notable for having managed to also infiltrate Google Play with at least six different apps over the course of 2018.
“Part of what makes this case interesting is how widely its applications have been distributed,” said Trend Micro researchers Ecular Xu and Grey Guo, in a posting on Thursday. “Through our back-end monitoring and deep research, we were able to see the general distribution of affected users and found that they hailed from a total of 196 different countries.”
These run the gamut from Mozambique to Poland, Iran to Vietnam, Algeria to Thailand, Germany to Iraq and so on.
The Google Play apps specifically were Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird, all of which appeared last year and are now gone from the store. Some were downloaded more than 100,000 times by users from all over the world.