The unending saga of Android malware didn’t end in 2018. Cybersecurity firm Trend Micro reported late last week that spyware disguised as legitimate apps on the Google Play store has been gathering data from unsuspecting Android users. In fact, researchers say the spyware (MobSTSPY) has been downloaded “over 100,000 times from users all over the world” in 196 countries.
Trend Micro specifically cited six apps that were available on Google Play as being infected, including cloned games such as Flappy Birr Dog and Flappy Bird, as well as a flashlight app and a couple of emulators. According to Trend Micro, all six apps had been removed from Google Play by the time they shared their report.
“Usually Google enforce more stringent checks for new apps, but as updates are made to the app over time and they are proven not to be malicious from the offset, the level of checking may be reduced,” Trend Micro’s Bharat Mistry told ZDNet last week. “Once the app has gained some credibility and has a good distribution of users, the app developer will then issue an update which enables the malicious features.”
As described by the firm, MobSTSPY works by using Firebase Cloud Messaging to send information to a server. It can collect a wide variety of private information, including “user location, SMS conversations, call logs and clipboard items.” As if that wasn’t scary enough, the spyware is also capable of gathering information via phishing attacks by displaying fake Facebook and Google pop-ups that ask the user to log into their respective accounts.
Trend Micro explains that one of the most interesting elements of this case (since Android malware isn’t exactly a new phenomenon) is just how far it managed to spread. Android users in 196 countries were affected, and the US was in the top ten. If you haven’t figured this out yet, you have to remain vigilant when downloading apps on any device, even if you think you’re getting the app from a trusted source — like an official app store.