Posted on January 5, 2019 at 7:41 AM
Another Malicious Flappy Bird Clone Found on Google Play Store
According to a recent report published by Trend Micro security researchers, yet another string of apps and games infected with malicious software was discovered in the Google Play Store. This has been a recurring problem for Google, and year after year, the tech giant is continuously forced to remove malicious apps.
The situation persisted in 2018, and according to the new Trend Micro report, 2019 will likely have to deal with the same problems. According to Trend Micro, one of the malicious apps is a clone of the popular smartphone game, Flappy Bird. The original game went viral years ago, and it has inspired the creation of countless clones ever since.
However, researchers have been reporting these clones for years, as most of them were infected with some sort of malicious software. The app that was reported this time supposedly contains a new form of spyware, ANDROIDOS_MOBSTSPY. The spyware has been found in multiple apps apart from Flappy Bird, including Flappy Birr Dog, HZPermis Pro Arable, Win7Launcher, Win7imulator, as well as FlashLight.
How does the spyware work?
Since its discovery, the malware was named MobSTSPY, and it is capable of stealing and sharing date as soon as it gets downloaded. It collects information that includes SMS conversations, call logs, location data, and even clipboard data. Furthermore, it uses Firebase Cloud Messaging platform in order to communicate with its developer/user.
As soon as it gets downloaded on the device, the spyware is searching for internet connection. Once it finds it, it downloads an XML configuring file, and it starts gathering data.
Researchers claim that the spyware has already infected devices in around 196 countries around the world. The highest percentage of infected users is believed to be in India, where approximately 31% of infected devices were traced to. Other high-ranking countries include Russia (7.54%), Pakistan (4.81%), Bangladesh (4.71%), Indonesia (3.42%), Brazil (3.26%), Egypt (3.04%), Ukraine (2.62%), Turkey (1.67%), and the US (1.53%).
Apart from being able to steal private information, the apps also contain phishing tools, which tend to replace pop-ups from popular applications, such as Google and Facebook. If the user attempts to log into one of these apps, their login credentials are sent to hackers.
Researchers were unable to pinpoint the exact number of users that may have lost their login details to hackers at this time. However, the infected apps already have more than 100,000 downloads, which might mean that the same number of users are impacted, in the worst case scenario.
Users who have downloaded one of the mentioned apps are advised to remove them as soon as possible, as well as to change their login data.
Meanwhile, this incident serves as yet another reminder that malicious threats remain a very widespread and serious issue. Despite its efforts, Google still cannot manage to keep malicious apps out of the Play Store, and their numbers seem to be increasing with each new year.
Apart from spyware, it is also possible to download other kinds of malicious software, including cryptojacking malware, and possibly even ransomware. Unfortunately, the majority of users remain unaware of the danger, and while awareness of these threats has grown when it comes to PC-based threats, the same is not true in case of smartphones, tablets, and other such devices.