MobOk

Posted: June 25, 2019

Mobile phones are an appetizing target for cybercriminals because a compromised phone gives them access to a broad range of tools for stealing money from victims or generating money by other means (such as running a mobile cryptocurrency miner). Unfortunately, many people do not take the security of their smartphone seriously, and they are the ones most prone to becoming victims of Android malware like MobOk, a new threat that is being spread as a fake photo editing application.

The MobOk malware is believed to have reached over 10,000 users, since this is the total number of downloads that the two bogus applications managed to accumulate. Both the 'Pink Camera' and 'Pink Camera 2' Android applications were hosted on the Google Play Store, and users who downloaded them may have unknowingly introduced the MobOk backdoor Trojan to their smartphones. To make their fraudulent scheme more believable, the authors of the MobOk Trojan included working photo editing features in both applications. While the tools were very limited in functionality, they may have successfully tricked some users into thinking that the applications were legitimate.

Once the 'Pink Camera' or 'Pink Camera 2' applications were installed, they prompted the user to provide them with the following permissions:

  • Access to notifications.
  • Access to device information and the user's phone number.
  • Access to Wi-Fi and notifications settings.

This is all that the authors of the MobOk Trojan need to carry out their scheme. Not only would the threat automatically gather data about the infected device and transfer it to the command & control server, but it would also silently sign up the user for fake paid subscription services that were set up by the attackers. Of course, this is a rather noisy operation to perform, and this is why the MobOk Trojan took some measures to keep its activity under the radar:

  1. It would suspend the phone's Wi-Fi connection.
  2. It would enable mobile data.
  3. By doing so, it would be able to sign up the user for the paid services mentioned above, and all charges would go to the victim's phone bill, therefore ensuring that they will not notice anything until they see their next invoice.
  4. Usually, signing up for paid subscriptions requires SMS confirmation, but this is not a problem for MobOk since it can access the user's notifications and messages, and then apply the SMS confirmation code automatically.
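
The permission set and behavior described above can be turned into a simple triage check on a decoded `AndroidManifest.xml`. The following is an added example, not code from the original article or from any analysis of MobOk; the mapping from the article's plain-language permissions to Android permission names is an assumption, and the sample manifest is constructed. A match is only a signal for closer review, since legitimate applications can hold the same permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's wording to Android permission names.
CAPABILITIES = {
    "read_notifications": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "phone_identity": "android.permission.READ_PHONE_STATE",
    "toggle_wifi": "android.permission.CHANGE_WIFI_STATE",
}

# Constructed sample manifest (already decoded to text), not from the real apps.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photoeditor">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application>
    <service android:name=".NotifyService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
""".strip()


def declared_capabilities(manifest_xml):
    """Return the capability labels that a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Notification access is bound on a <service>, not requested via uses-permission.
    names |= {s.get(ANDROID_NS + "permission") for s in root.iter("service")}
    return {label for label, perm in CAPABILITIES.items() if perm in names}


def triage(manifest_xml):
    """Flag a manifest only when every capability in the combination is present."""
    found = declared_capabilities(manifest_xml)
    missing = set(CAPABILITIES) - found
    return {"flag": not missing, "found": sorted(found), "missing": sorted(missing)}


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```
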

While MobOk is undoubtedly not a state-of-the-art piece of Android malware, its authors have managed to program it to perform a relatively simple task in an ingenious and silent way. The nasty trick of racking up all charges on the user's phone bill makes it very difficult to detect the harmful activity in time, therefore guaranteeing that the attackers will get their payout.

The 'Pink Camera' and 'Pink Camera 2' applications have been taken down from the Google Play Store, but MobOk's authors will probably launch another propagation campaign using other bogus applications very soon. We advise you to keep your smartphone or tablet protected by a trustworthy anti-virus tool, as well as to stay away from unknown Android applications with a questionable reputation.