Thursday, May 8, 2025
HomeAndroidHackers Take Complete Control of Your Android Device by Launching MobOk Malware...

Hackers Take Complete Control of Your Android Device by Launching MobOk Malware via Fake Photo Editing Apps in Google Play

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered a fake photo editing apps which are used by cybercriminals to launch MobOk Malware that takes complete control of the infected Android device.

Threat actors are targeting Android users through legitimate Google play store app and hiding this malware to steal money by letting users subscribe to premium services.

Two photo editor apps were uncovered ‘Pink Camera’ and ‘Pink Camera 2’  which has been installed nearly 10, 000 times.

- Advertisement - Google News

These apps were intended for uploading in the Google play store to steal personal data from victims Android device and use that to sign them up to paid subscription services.

Researchers described this MobOk malware as a powerful backdoor since it has sophisticated capabilities to take almost complete control over the infected Android device.

Developers of this Pink Camera apps added evasion techniques to hide suspicious activities and avoid detection. The apps included a genuine photo editing functionality, and the users completely believe it since the app downloaded from the Google Play Store.

Once the app will be installed into the victims mobile, it requests to grant permission for the notification from the user and perform malicious activities in the background.

The primary motivation of these apps has subscribed the user to paid mobile subscription services.

MobOk Malware Infection Process

After the complete infection, MobOk malware starts collecting the device information, including phone number and the attackers send the webpage for the premium subscription, which requires users to pay for the service.

Meanwhile, The malware will open a secret browser in the background, and it uses the victim’s phone number that was already collected and the Malware would insert it into the “subscribe” field and confirm the purchase.

Examples of “subscription” pages

MobOk Malware already had complete control of the victims mobile, it grabs the SMS verification code notification and enters it on behalf of the user.

According to Kaspersky research, “The Pink Cameras’ photo editing capability was not very impressive, but what they could do behind the scenes was remarkable: subscribing people to malicious, money-draining services in Russian, English and Thai, monitoring SMS and requesting Captcha – the code that you need to write down to prove you are not a robot – recognition from online services. 

By look and working wise, both apps are very ordinary, but the malicious activities start when it is seeking permission for various controls such as to request access to Wi-Fi controls which is entirely unusual for this apps.

“While users upload the phone into the app to edit the app collects information in the background about the device and sends it to the server ps.okyesmobi[.]com,” Kaspersky reported.

Indicators of Attack

SHA256

  • 7F5C5A5F57650A44C10948926E107BA9E69B98D1CD1AD47AF0696B6CCCC08D13
  • E706EB74BAD44D2AF4DAA0C07E4D4FD8FFC2FC165B50ED34C7A25565E310C33B
  • 796A72004FAE62C43B1F02AA1ED48139DA7975B0BB416708BA8271573C462E79
  • C5CA6AA73FDCB523B5E63B52197F134F229792046CBAC525D46985AD72880395
  • B9038DC32DE0EA3619631B54585C247ECFD304B72532E193DED722084C4A7D1C
  • D4406DEE2C0E3E38A851CEA6FD5C4283E98497A894CA14A58B27D33A89B5ED5F
  • 59D64FBFF1E5A9AC1F8E29660ED9A76E5546CA07C2FF99FE56242FA43B5ABEC3
  • C5B6146D7C126774E5BB299E732F10655139056B72C28AA7AD478BD876D0537E

Also Read:

Hackers Uploaded 130 Malicious Apps on Google Play Store to Generate Illegal Revenue

138 Android Anti Virus Apps are Frauds in Play Store – Only 23 Apps Performed 100% Malware Detection

206 Malicious Android Adware Apps Downloaded 150 Million Times from Google Play Store

Beware !! These 22 Malware Apps in Playstore Drained Your Battery & Steal Personal Data – 2M Users Infected

Malicious Apps from Google PlayStore Bypassing SMS-Based Two-Factor Authentication and Steal OTPs in SMS

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber...

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Lampion Banking Malware Uses ClickFix Lures to Steal Banking Credentials

Unit 42 researchers at Palo Alto Networks, a highly targeted malicious campaign orchestrated by...

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...