New and dangerous Android malware affects users from 196 countries

Cybersecurity researchers discovered spyware, named ANDROIDOS_MOBSTSPY, disguised as multiple legitimate Android applications.

All the applications were available for download on Google Play with some already having over 100,000 downloads all over the world.
The applications that contained the malware were: Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher, and Flappy Bird.

The good news is that Google has already removed all of these applications from Google Play.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

ANDROIDOS_MOBSTSPY modus operandi:
Information stealing
MobSTSPY is capable of stealing information like user location, SMS conversations, call logs and clipboard items.
When the malicious application is launched, the malware will first check the device’s network availability. It then reads and parses an XML configuration file from its C&C server.

The malware will then collect certain device information such as the language used, its registered country, package name, device manufacturer, etc.

All the gathered information is sent to its C&C server.
Researchers warn that depending on the command the malware receives, it can steal SMS conversations, contact lists, files, and call logs.
During malware analysis, it was discovered that in addition to these info-stealing capabilities, the malware can also gather additional credentials through a phishing attack. It is capable of displaying fake Facebook and Google pop-ups to phish for the user’s account details. The fake pop-up will only state that the log-in was unsuccessful.

Among the affected countries are Mozambique, Poland, Iran, Vietnam, Algeria, Thailand, Romania, Italy, Morocco, Mexico, Malaysia, Germany, Iraq, South Africa, Sri Lanka, Saudi Arabia, Philippines, Argentina, Cambodia, Belarus, Kazakhstan, United Republic of Tanzania, Hungary, and many others.

This case fully illustrates that despite top cybersecurity measures implemented by Google, users must remain cautious when downloading applications to their devices.

Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet. Always stay safe and secure.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.

Indicators of Compromise
Package Name
Download Count
HZPermis Pro Arabe
50 to 100
Flappy Bird
1,000 to 5,000
100,000 to 500,000
50 to 100
Flappy Birr Dog
C&C Servers