Hundreds of Thousands Download Spyware from Google Play

By: Ionut Arghire

Hundreds of thousands of users ended up with spyware on their devices after downloading seemingly legitimate applications from Google Play, Trend Micro security researchers have discovered. 

Detected as MobSTSPY, the malware, which can gather various information from the victims, isn’t new. For distribution, its operators chose to disguise the threat as legitimate Android applications and submit them to Google Play.

Trend Micro discovered a total of six such applications, including FlashLight, HZPermis Pro Arabe, Win7imulator, Win7Launcher, Flappy Bird, and Flappy Birr Dog. Available for download in Google Play in 2018, some of these were downloaded over 100,000 times by users from all over the world.

Once one of these applications has been installed on the victim’s device, the spyware can proceed to steal information such as SMS conversations, call logs, user location, and clipboard items. The malware sends the collected information to the attacker’s server using Firebase Cloud Messaging.

Upon initial execution, the malware checks the device’s network availability, after which it reads and parses an XML configuration file from its command and control (C&C) server. Next, it collects information such as language used on the device, registered country, package name, manufacturer, etc.

The information is then sent to the C&C server for registration purposes. After this step has been completed, the malware waits for the server to send over commands to execute.

Based on the received commands, the spyware can not only steal SMS messages and call logs, but can also retrieve contact lists and files found on the device.

The malware can also perform a phishing attack to gather credentials from the infected device, the security researchers discovered. It can display fake Facebook and Google pop-ups, thus tricking the user into revealing their account details.

After the user provides the credentials, a fake pop-up informs them the log-in was unsuccessful, but at this point the malware has already stolen the credentials.

“Part of what makes this case interesting is how widely its applications have been

More: https://www.securityweek.com/hundreds-thousands-download-spyware-google-play

FIFA admits hack and braces for new leaks

By: Catalin Cimpanu

March 2018 phishing incident pegged as possible origin of latest hack and subsequent data theft.

FIFA officials are bracing for new damaging leaks to be published this week after soccer’s governing body fell victim to a phishing attack.

FIFA President Gianni Infantino admitted to the new hack while talking to the press after a FIFA Council meeting last week in Kigali, Rwanda.

He said that both FIFA, soccer’s global governing entity, and UEFA, Europe’s soccer body, had received hundreds of questions from journalists about subjects only recorded in FIFA confidential documents.

Officials believe that someone at FIFA fell victim to a phishing attack this March, the New York Times reported on Tuesday.

Hackers are believed to have used this entry point to gain access to confidential data, which they have now leaked to Football Leaks, a website that became famous in late 2015 after it started publishing internal FIFA documents revealing the dirty dealings of the soccer player market. The 2015 leak, believed to have been caused by insiders, led to the firing of many FIFA officials and the prosecution of soccer superstars such as footballer Cristiano Ronaldo and coach Jose Mourinho.

The Football Leaks organization has already shared some of the files obtained from the recent hack with news agencies that are part of the European Investigative Collaborations (EIC), which said it plans to publish the new revelations starting this Friday, November 2.

More: https://www.zdnet.com/google-amp/article/fifa-admits-hack-and-braces-for-new-leaks/