Spyware that disguised itself as a legitimate app on Google Play affected people in 196 countries around the world.
February 20, 2019
by Kleber Leal by Zamak Portal
Trend Micro, one of the global cybersecurity giants, recently discovered spyware (software that observes and steals users' personal information), detected as ANDROIDOS_MOBSTSPY, which was disguised as legitimate Android applications.
The spyware was also found in other apps, such as the game called Flappy Birr Dog, FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher, and Flappy Bird.
According to the company, the malicious apps were downloaded more than 100,000 times by users in 196 different countries, with India leading the list of countries with the highest number of victims, at 31.77% of cases. Brazil, with 3.26% of victims, comes after Russia (7.56%), Pakistan (4.81%), Bangladesh (4.71%), and Indonesia (3.42%). Google has already removed all these apps from Google Play.
Part of what makes this case interesting is how widely its applications were distributed. Through back-end monitoring and deep research, Trend Micro observed that distribution spanned different countries and that the affected users came from a total of 196 different countries. Brazil ranked sixth among the most affected in the world.
Also according to Trend Micro, the malware is capable of accessing information such as user location, SMS conversations, call logs, and clipboard items. "It uses Firebase Cloud Messaging to send information to the server. As soon as the malicious application is launched, the malware first checks the device's network availability. Then, it reads and parses an XML configuration file from its C&C server," explains the report published by the company.
The malware then collects certain device information, such as the language used, registered country, package name, device manufacturer, etc. Depending on the command received by the malware, it can steal SMS conversations, contact lists, files, and call logs. The malware is even capable of stealing and uploading files found on the device.
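As a defender-side illustration of the capabilities listed above, here is an added example (not from Trend Micro's report or the original article) that checks an already decoded AndroidManifest.xml for permissions matching those data types. The capability-to-permission mapping, the review threshold, and both sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the report): data types named in the article ->
# standard Android permissions an app must declare to read them.
CAPABILITY_PERMISSIONS = {
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "sms": {P + "READ_SMS"},
    "call_logs": {P + "READ_CALL_LOG"},
    "contacts": {P + "READ_CONTACTS"},
    "files": {P + "READ_EXTERNAL_STORAGE"},
}

def requested_permissions(root):
    """Permission names declared in <uses-permission> elements."""
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t))
    return {n for n in names if n}

def triage(manifest_xml, expected=frozenset(), threshold=2):
    """Report article-listed capabilities the app's purpose does not justify.

    expected: capabilities the stated purpose explains (e.g. {"location"}).
    threshold: assumed cut-off for sending the app to manual review.
    """
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    hits = {cap: sorted(perms & needed)
            for cap, needed in CAPABILITY_PERMISSIONS.items()
            if perms & needed and cap not in expected}
    return {"package": root.get("package"), "unexpected": hits,
            "review": len(hits) >= threshold}

def _manifest(package, perms):  # builds a constructed sample manifest
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples: a flashlight that only needs the camera LED, and a
# "game" that declares the data-access permissions discussed above.
BENIGN = _manifest("com.example.flashlight", ["CAMERA"])
SUSPECT = _manifest("com.example.game", ["INTERNET", "ACCESS_NETWORK_STATE",
    "READ_SMS", "READ_CALL_LOG", "READ_CONTACTS", "ACCESS_FINE_LOCATION"])

if __name__ == "__main__":
    for sample in (BENIGN, SUSPECT):
        print(triage(sample))
```

Clipboard access requires no manifest permission, so a permission check like this cannot see it.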
Felippe Batista, a cloud information security specialist at Trend Micro, warns users to be cautious when downloading, even if the app is within the operating system's official stores.
For him, "The popularity of apps serves as an incentive for cybercriminals to continue developing malicious software to steal information or carry out other types of attacks. Additionally, users can install a comprehensive cybersecurity solution to defend their mobile devices against mobile malware."
In addition to its information-stealing capabilities, the malware can also collect additional credentials through a phishing attack. It is capable of displaying fake Facebook and Google pop-ups to phish for user account details. If the user enters their credentials, the fake pop-up only reports that the login was unsuccessful. At that point, the malware has already stolen the user's credentials.
It is worth noting that Google has been trying to improve the application approval process to prevent this type of problem. The company releases quarterly reports on security and the removal of harmful apps through Google Play Protect.
Source: TechTudo