Kodi alternative Mobdro steals users' Wi-Fi passwords, seeks to access shared media and installed apps
Mobdro is a streaming app that can be installed on any Android device, including phones, tablets, Amazon's Fire TV Stick, and Google's Chromecast. It has been gaining in popularity for a while now, especially after all the negative press surrounding rival service Kodi.
However, Mobdro is now facing controversy of its own after a new malware report made a number of damning claims about it.
According to the study carried out by cybersecurity company Dark Wolfe Consulting, and reported on by TorrentFreak, Mobdro forwarded users’ Wi-Fi names and passwords to a server reported to be in Indonesia, and uploaded a huge amount of data from the researcher’s device.
The report (PDF) makes the following claims:
- Malware within the app forwarded the researcher’s Wi-Fi network name and password to a server that appeared to be in Indonesia.
- Malware probed the researchers’ network, searching for vulnerabilities that would enable it to access files and other devices. The malware uploaded, without permission, 1.5 terabytes of data from the researcher’s device.
- Mobdro sought access to media content and other legitimate apps on the researcher’s network.
The report, which also covers Kodi and other streaming services, claims:
Once installed, the app checks or monitors for updates. Then, the malware from the apps detonates. Researchers observed that the app that sent the user’s wireless name and password up to an external server in Indonesia then began probing the network and talking to any file-sharing services on the Local Area Network. It also "port knocked," a process to look for other active malware.
The app was also ingesting the stream data that was encoded or encrypted (depending on which app was under evaluation -- both of these types of obfuscation were found). Streams could contain commands that enabled hackers to control the app remotely. If the app is running on a jailbroken device, the app could surreptitiously pull audio and video from a smart TV. The commands could also tell the app to update from another source, pulling down more malware functionality. This is an easy way for hackers to invade networks and evade security.
Now, while this is all very worrying for Mobdro users, it is worth pointing out that the report was commissioned by the Digital Citizens Alliance, which is an anti-piracy group, so the findings should perhaps be taken with a pinch of salt.