zLabs researchers have uncovered a new variant of the MobOk campaign. The samples found evaded detection by AV vendors for months. Zimperium worked with Google to ensure their removal from the Play Store.
Samples of the new variant:
- Hide themselves from mobile antivirus (AV) vendors;
- Subscribe to premium mobile services;
- Avoid image-based CAPTCHA;
- Avoid two-factor authentication (2FA); and
- Abuse accessibility services to conduct malicious actions.