Mobdro Android Streaming App Pushes Wi-Fi Password Stealing Malware

  • Researchers claim that Mobdro penetrates Wi-Fi networks and steals data from them.
  • The information is uploaded to a server in Indonesia, although the actors use a VPN to hide their actual location.
  • The malware inside Mobdro can be updated and upgraded, and can do a series of foul things to the infected device and/or network.

Mobdro is an Android streaming app that many use as an alternative to the Kodi app, but it comes with much less credibility. In spite of that, and due to its pirate-friendly nature and widespread support for devices like Amazon Fire TV Stick, Google Chromecast, and many Android OS versions, Mobdro has grown in popularity and now enjoys a significant userbase. However, a report from “Digital Citizens” adds fuel to the fire of distrust, as researchers found Mobdro to be among the shady applications that push malware that steals Wi-Fi network credentials.

To put it simply, streaming apps like Mobdro that get access to our home Wi-Fi network operate from inside it, bypassing protective firewalls, so they can do whatever they want. As these apps don’t have a trustworthy vendor behind them, they are often the products of criminal networks or at least of their affiliates. According to the researcher, a piece of malware incorporated within the Mobdro app immediately forwarded his Wi-Fi network name and password to a server in Indonesia and then continued to upload various types of data collected from the device, reaching a mind-boggling size of 1.5 terabytes. Upon further investigation, the researcher realized that Mobdro had gained access to other devices connected to the same Wi-Fi network and drew data from them as well.

In addition to this, the Mobdro app showed capabilities for dynamic updating and even malware upgrading, as the encrypted stream of data coming to it contained various commands. These commands could order the app to point to a different update source, pull audio and video from other apps (a legitimate Netflix app, for example), make the infected device take part in a DDoS attack, and carry out various tasks that pertain to the application’s network invasion functionality. One of the interesting side-findings was a certain level of mandatory ad-pushing from Mobdro, which Digital Citizens believes to be a revenue generator supporting the malicious infrastructure.

Cybersecurity firm GroupSense, which joined the study to help Digital Citizens draw safe conclusions, believes that this is not necessarily the work or intention of the Mobdro developers, as hackers could have exploited vulnerabilities in the pirating app, infecting its download webpage and replacing the legitimate download with a malicious one. This is just an assumption at this point, and for the end user, it doesn’t even matter. Mobdro was confirmed to be dangerous to the user’s network, and people should refrain from using it.

Are you using Mobdro? Have you noticed anything shady going on with it? Share your experience in the comments below, and help us spread the word of warning by sharing this post through TechNadu’s Facebook and Twitter.
