As reported by TrendMirco, a new malware has been discovered which can be disguised as legitimate Android apps in order to gather user information.
The research firm also highlights that the apps were available on the Google Play Store in 2018 and have also recorded over 1,000,000 downloads worldwide. The company investigated six such apps — Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher and Flappy Bird. Learning about the malware Google has removed these apps from the Play Store.TrendMircro claims that the malware is capable of stealing information like user location, SMS conversations, call logs and clipboard items. In an official blog the company adds, ‘the malware uses Firebase Cloud Messaging to send information to its server. Once the malicious application is launched, the malware will first check the device’s network availability. It then reads and parses an XML configure file from its C&C server. It sends the gathered information to its C&C server, thus registering the device. Once done, the malware will wait for and perform commands sent from its C&C server through FCM.’
On the basis of the command received the malware can steal SMS conversations, contact lists, files, calls logs and other information. It can also steal and upload files from various apps such as WhatsApp, Facebook and others.It is also capable of launching a Phishing attack by displaying fake Facebook and Google pop-ups to phish for the user’s account details.In order to protect yourself from any such malware, TrendMirco suggest the users to install only useful apps. Moreover, before downloading an app users must read about it on the internet. Along with this, users can install a comprehensive cybersecurity solution to defend their mobile devices against mobile malware.