Malware in Flappy Birr App Flies Away with Data


Researchers at Trend Micro discovered spyware that had successfully disguised itself as a legitimate Android application. Initially found in a game called Flappy Birr Dog, the malware has been widely distributed, affecting users from 196 different countries.

According to research, the application was available on Google Play and had more than 100,000 recorded downloads from users worldwide. In total, the spyware was discovered in six different applications, all of which have been suspended from Google Play, though five of the apps were removed in February 2018.

The spyware, ANDROIDOS_MOBSTSPY, was reportedly stealing information that included not only user location but also SMS conversations and call logs. “It uses Firebase Cloud Messaging to send information to its server. Once the malicious application is launched, the malware will first check the device’s network availability. It then reads and parses an XML configure file from its C&C server,” researchers wrote.

In addition, the malware has phishing capabilities and displayed fake pop-ups from Facebook and Google. The pop-ups prompted the user to enter log-in information, though the attempt would fail and deliver an “unsuccessful log-in” alert, albeit too late because the credentials had already been stolen.

“Attackers are getting better and better at sneaking malware onto official app stores, which they view as the ultimate distribution channel for their criminal schemes,” said Sam Bakken, senior product marketing manager, OneSpan. ”And we won’t see this trend abate any time soon with the potential for fraud that opens up via mobile apps and devices. Not only do we all need to continue to educate users on mobile hygiene, banks, retailers, etc., that engage with their customers via mobile apps need to be sure their apps are secured against malware that targets their apps and users. Thankfully, technology exists that can be easily integrated into existing mobile apps that monitors those apps in real-time to take action on attacks such as these.”

Products You May Like

Articles You May Like

5 Ways MVISION XDR Innovates with MITRE ATT&CK  
More Money, Less Problems: XDR Investment Can Protect the Financial Services Industry
Italian charged with hiring “dark web hitman” to murder his ex-girlfriend
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”
Clarence Thomas plays a poor devil’s advocate in floating First Amendment limits for tech companies

Leave a Reply

Your email address will not be published. Required fields are marked *