MobOk

MobOk Description

Ever since smartphones became part of everyday life, cybercriminals have been finding more and more ways to exploit them. Some plant cryptocurrency miners, others collect data; the scams and tactics are endless. Whatever the method, the conclusion is the same: users need to take the security of their mobile devices seriously.

Recently, a piece of malware targeting Android has been making the news, with over 10,000 infected devices. The malware in question is the MobOk backdoor Trojan. It is spread via two photo editing applications on the Google Play Store, ‘Pink Camera’ and ‘Pink Camera 2.’ The authors of the MobOk backdoor have taken care to make the applications that carry it look legitimate. When a user downloads either application, they give the MobOk Trojan access to their system. To reduce the chance that the user suspects anything, both apps work as photo editing tools, although with a fairly limited set of features.

Once either app is installed on the phone, it asks the user for permission to access the device information, notifications, notification settings, Wi-Fi, and the victim’s phone number. The attackers then collect data about the infected device and send it to their C&C (Command & Control) servers. This is not all that the MobOk backdoor does, however: it also subscribes the victim to bogus paid services that the attackers have set up. To remain unnoticed, the MobOk Trojan switches off Wi-Fi on the infected device and enables mobile data instead. This is done so that the paid subscription is charged to the victim’s phone bill, which makes it much harder to notice until the monthly invoice arrives. The MobOk backdoor also obtains access to the victim’s text messages, as many paid subscriptions require a verification text to be sent to the user. The threat automatically recognizes the required code and submits it.
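
An added example, not part of the original description: a defender-side triage that reads a decoded AndroidManifest.xml and flags an app whose requested permissions cover several of the behaviours described above. The mapping to Android permission names, the threshold of three, and the sample manifests are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumption: this mapping from the behaviours described above to standard
# Android permission names is the example's own; the page lists no names.
BEHAVIOURS = {
    "device info / phone number": {"android.permission.READ_PHONE_STATE",
                                   "android.permission.READ_PHONE_NUMBERS"},
    "read notifications": {"android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
    "read text messages": {"android.permission.RECEIVE_SMS",
                           "android.permission.READ_SMS"},
    "toggle Wi-Fi": {"android.permission.CHANGE_WIFI_STATE"},
}

def requested_permissions(manifest_xml):
    """Collect permissions from a decoded (plain-text) AndroidManifest.xml."""
    perms = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            perms.add(el.get(ANDROID + "name"))
        elif el.tag == "service":
            # A notification listener is a <service> guarded by a permission.
            perms.add(el.get(ANDROID + "permission"))
    perms.discard(None)
    return perms

def triage(manifest_xml, threshold=3):
    """Flag an app whose manifest covers `threshold` or more behaviours."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(b for b, wanted in BEHAVIOURS.items() if perms & wanted)
    return {"behaviours": hits, "suspicious": len(hits) >= threshold}

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample manifests (hypothetical package names).
SUSPECT = f"""<manifest {NS} package="com.example.photoeditor">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application><service android:name=".Listener"
    android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
PLAIN = f"""<manifest {NS} package="com.example.plaineditor">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("plain", PLAIN)):
        print(name, triage(xml))
```

A match is a prompt for manual review rather than a verdict, since legitimate apps can request the same permissions.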

Although campaigns like this usually leave a noisy trail, the authors of the MobOk Trojan have managed to reduce the noise greatly and have likely made a lot of money at the expense of innocent users who just wanted to edit a few photos. Operations like this should remind users worldwide that the security of their smartphone can be as important as the security of their computer and cannot be taken lightly.