Apps capable of stealing WhatsApp data detected on Play Store
What's the story
A spyware capable of stealing user data from smartphones, including WhatsApp data, has been flagged on the Google Play Store. The critical program infiltrated the Store through as many as six apps and was downloaded at least 100,000 times by Android users. It affected people from nearly 200 countries, with most being from India. Here's more on it.
Spyware details
Multiple games, utility apps hosted the spyware
The spyware, which has been dubbed 'ANDROIDOS_MOBSTSPY', was detected by security researchers at Trend Micro. It posed as regular games and apps on the Store to lure users into downloading them and then stealing their information. The apps in question included a malicious version of 'Flappy Bird', its dog-based clone 'Flappy Birr Dog', and general-purpose apps named 'FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher'.
Attack
But, how these apps stole information?
Once the app hosting the spyware was installed and launched, MOBSTSPY checked internet connection and established a connection with its command and control server. After this, it transmitted basic device information (like language, registered country, and manufacturer) and registered the device with the server, allowing the attackers to send commands and steal information from the infected device, remotely.
Files at risk
And, this opened access to almost everything
The spyware, as the researchers claimed, was capable of stealing almost everything from the infected device. This included data ranging from call logs, contacts, and personal messages to audio, video files and photos on the device. Even data tied to platforms like WhatsApp, Snapchat, and Facebook wasn't protected from this spyware, the researchers demonstrated after analyzing the apps.
Information
More worryingly, the apps even phished users for their data
In the same report, Trend Micro revealed the spyware also displays seemingly legit pop-ups from Facebook and Google to phish users into entering their confidential emails and passwords. Once the details are entered, the fake page displayed an error, but the app transmitted that data.
Do you know?
Google took down the apps after detecting spyware
As is always the case, Google came to the rescue and took down all six apps from the Play Store. However, as some of these apps had over 100,000 downloads, it remains unclear if these users' data was stolen.