Researchers spotted new Android malware hidden in six different Android applications that were available for download on Google Play. The six apps are Flappy Birr Dog, Flappy Bird, FlashLight, Win7Launcher, Win7imulator, and HZPermis Pro Arabe. Of these six apps, five have been removed from Google Play since February 2018.
However, these applications have been downloaded at least 100,000 times by users across 196 countries, with the majority of victims residing in India. The affected countries include India, Russia, Pakistan, Bangladesh, Indonesia, Brazil, Egypt, Ukraine, Turkey, the United States, Sri Lanka, Italy, Germany, Saudi Arabia, and more.
Researchers from Trend Micro detected the spyware, dubbed ANDROIDOS_MOBSTSPY, which is capable of stealing information such as user location, call logs, SMS conversations, and clipboard items. The malware uses Firebase Cloud Messaging to send information to its C2 server.
Other capabilities of the malware
The capabilities of the malware include,
Most users will not be suspicious of the fake screens or pop-ups and are likely to fall prey to the attack. When users enter their username and password for the first time, the malware tells them that the login was unsuccessful, but by then it has already stolen the credentials.