Malware designed to steal users’ information in order to subscribe to paid mobile services

Woburn, MA – June 20, 2019 — / — Kaspersky experts have discovered the money-stealing MobOk malware hiding within seemingly legitimate photo editing apps available on the Google Play store. The apps, titled ‘Pink Camera’ and ‘Pink Camera 2’, had been installed around 10,000 times at the time of detection, and they have now been removed from the Google Play store. The apps were designed to steal personal data from victims and use that information to sign them up to paid subscription services.

The MobOk malware is a highly dangerous backdoor, as it can offer the attacker almost complete control over an infected device. Although content uploaded to Google Play is thoroughly filtered, this is not the first time that these kinds of threats have made their way onto users’ devices through the online store. In many cases, malware is concealed by a semi-functioning app, which appears at first glance to be a poor, but innocent attempt to create a legitimate app. Likewise, the Pink Camera apps did not arouse suspicion because they included genuine photo editing functionality and had been downloaded from the trusted Google Play store.

However, as soon as users began editing their pictures using the Pink Camera apps, the apps requested access to notifications, which initiated the malicious activity in the background. Once a victim was infected, the MobOk malware collected device information, such as the associated phone number, in order to exploit this information in later stages of the attack.

The attackers then sent details of webpages offering paid subscription services to the infected device. With this kind of service, charges are made directly to a user’s phone bill, rather than to a credit or debit card. This payment model was originally developed by mobile network operators to make it easier for customers to subscribe to premium services, but it is now often abused by cybercriminals.

The malware opened the subscription service webpages, acting like a secret background browser. Using the phone number previously extracted, the malware inserted it into the “subscribe” field and confirm the purchase. Since it had full control over the device and was able to check notifications, the malware would enter the SMS confirmation code when it came through – all without alerting the user. The victim would later start to incur costs and continue to do so until they spotted the payments in their phone bill and unsubscribed to each service.

“The Pink Cameras’ photo editing capability was not very impressive, but what they could do behind the scenes was remarkable: subscribing people to malicious, money-draining services in Russian, English and Thai; monitoring SMS; and requesting Captcha recognition from online services,” said Igor Golovin, security researcher at Kaspersky. “This means that they also had the potential to steal money from victims’ bank accounts. Our theory is that the attackers behind these apps created both the subscription services, not all of which were genuine, and the malware that hooked subscribers, and designed them to reach an international audience.”

To avoid falling victim to malicious apps, Kaspersky researchers advise consumers to:

  • Remember that even a trustworthy source, such as an official app store, can contain dangerous apps. Be vigilant and always review application permissions during install. Check the app ratings and reviews on official stores, such as Google Play or the App Store. Malicious apps will sometimes receive low ratings and users will post comments that warn others about the risk of malware. If you are about to install such an app, pay extra attention to its permission requests.
  • Install system and application updates as soon as they are available — they patch vulnerabilities and keep devices protected.
  • Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.

Read the full report on

About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Media Contact
Meghan Rimol

Source: Kaspersky




General Tags: online backup, compare online backups, data security, online file backup, top rated online backups, online backup news, online backup companies, online backup services, online data backup, CEO interviews, online file storage, cloud computing, data storage, online backup providers directory, software as a service, online backup reviews, backing up online, SaaS

Like us on Facebook

Do you like this post? Subscribe to our RSS feed ===========================


Related posts:

  1. Google Launches Easier Discovery of Third-Party Apps for Google Apps Customers
  2. Spanning Cloud Apps Goes Mobile with Audit Log for Google Apps
  3. Over 900,000 Users Hit in a Year by Fake Video Games Spreading Malware, Kaspersky Research Finds
  4. ShadowPad: Attackers Hid Backdoor in Software Used by Hundreds of Large Companies Worldwide
  5. Phishers and Spammers Lurk Behind Thousands of Fake Flight and Accommodation Offers
  6. SugarSync, Cloud Online Backup, Storage, Sync and Share Company, Updates iOS and Andriod Apps, Adds Text Editing
  7. Backupify, Social Media Online Data Backup Specialist, Releases Industry First One-Click Restore for Google Apps
  8. Storage Guardian Announces Cloud Backup Support for Google Apps
  9. Metiix Launches New Google Apps Data Protection
  10. Metalogix Launches Metalogix SharePoint Migration Manager for Google Apps

Tags: , ,