Mobdro streaming app turned Android devices into proxies for attackers

by Emma Davis
March 17, 2021
Mobdro streaming app
Written by Emma Davis

Last week, Spanish police seized the servers of Mobdro, a pirated video streaming app that used about 43 million people with over 100 million downloads.

TorrentFreak notes that the popularity of Mobdro can be compared to Popcorn Time, Showbox and Terrarium TV, as users were chosing Mobdro due to live streaming, sports channels and other content.

According to Eurojust, the investigation of Mobdro’s activities began in 2018, following complaints from the Spanish Professional Football League (La Liga), the Premier League and the Alliance for Creativity and Entertainment.

As a result, last month the combined efforts of Europol, Interpol, Eurojust and the Spanish authorities led to an operation against a former Spanish citizen who moved to Andorra, and three engineers who worked for him.

Law enforcers took the following actions:

  • 3 house searches (2 in Spain and 1 in Andorra);
  • 3 arrests (3 in Spain and 1 in Andorra);
  • received 3 court orders to block domains;
  • blocked 20 domains and servers;
  • frozen bank accounts;
  • shut down one server in Portugal, and another one is being studied in the Czech Republic.

Since Mobdro was used to view unlicensed content by about 43 million users, law enforcement officers believe that the owners of the application earned more than 5 million euros on it.

Most of the revenue came from in-app ads and the sale of users’ personal data to advertisers.

As the investigation progressed, the police discovered another source of income: the app was registering user devices on another company’s network.say the Spanish authorities.

The Spanish authorities and Europol did not disclose the name of this company, but claim that it used the infected devices as a proxy for those who need anonymity, and also used them to organize DDoS attacks.

I must say that the malicious functionality of Mobdro did not come as a surprise to cybersecurity experts. Back in 2019, specialists from Digital Citizens wrote in their report that the application was dangerous and associated with a botnet. The researchers cited the following facts:

  • after downloading, the application transmitted the login and password from the Wi-Fi network to the server, which seems to be located in Indonesia;
  • Mobdro investigated the user’s network in search of vulnerabilities that would allow him to gain access to files and other devices. In the Digital Citizens test, it offloaded over 1.5 TB of data from the researcher’s device;
  • Mobdro was looking for access to media content and other legitimate applications;
  • criminals impersonate well-known streaming sites such as Netflix, making it easier for themselves to access the legitimate subscription of a real user.

Let me remind that Google removes 17 Android apps with Joker malware.

Sending
User Review
2 (1 vote)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending