
Mobdro Pirate Streaming App Slammed in Malware Report

The AchieVer


Popular pirate streaming app Mobdro has been slammed in a new study carried out by a network security company on behalf of an anti-piracy group. Among other things, it's claimed that the software quietly obtains users' WiFi passwords and seeks to access media and other legitimate apps on users' networks.


In recent years, millions of users around the world have turned to Android-based applications for their piracy fix. 


They’re mostly free and easy to install, quickly providing access to the latest movies, TV shows, live sports, and PPV events.


Entertainment industry groups have long insisted that users of these applications are putting themselves at risk of malware and similar issues, but it’s fairly uncommon for them to go into much detail.


That changed today with the publication of a study carried out by the Digital Citizens Alliance in conjunction with network security company Dark Wolfe Consulting. Some of the key findings concern the popular live streaming application known as Mobdro.


The researchers say that after installing the Android application, it forced an update and then forwarded their Wi-Fi name and password to a server that identified as being located in Asia. Mobdro then started to seek access to media content and other legitimate apps on the researchers’ network.


“Researchers observed that the app that sent the user’s wireless name and password up to an external server in Indonesia then began probing the network and talking to any file-sharing services on the Local Area Network. It also ‘port knocked,’ a process to look for other active malware,” they write.


“[A]fter the initial update, the device accepted commands from a threat actor. Those commands may come from the app itself or from the movie streams. With each selection of content, the user opens the door to a new set of commands and malicious payloads from a threat actor to a device in use.”


It’s not explained how the video streams themselves could contain malware. Mobdro is believed to scrape the web for content, much like Kodi add-ons do, and security experts haven’t seen malware in video streams


However, the researchers state that the “commands in the apps or from the movie streams” were “either encrypted or encoded, making it difficult to analyze for infection.” It’s a vague statement that the study builds on, noting that encrypted commands could perform an update, retrieve malware, take part in a DDoS attack, or obtain files stored on the device or network – such as images, movies or documents.


There’s little doubt that the behavior highlighted above is not something the average person would expect from a video streaming app. However, it should be noted that the Mobdro software actually asks the user to grant permission to their photos, media, files and device location.


Most will blindly grant those permissions instead of declining, of course, and it sounds like the researchers followed that lead.


Furthermore, in view of the researchers’ findings, it’s also worth highlighting the chaotic situation that surrounds Mobdro and many similar apps that facilitate access to illicit streams of movies and TV shows. Crucially, these aren’t allowed on official platforms like Google Play.


So, where it was once pretty obvious where the ‘official’ app could be obtained, there are now a large number of ‘fake’ sites also offering ‘hacked’ variants of the software, any one of which could have experienced tampering. The researchers do not reveal the source of their installation files.


Another point of interest is raised when the researchers note that the software they installed also makes it possible for a “threat actor” to log in to a user’s device and then navigate away from the device to the Internet, effectively posing as the user online. 


While this initially seems like a shocking claim, anyone who reads the official app’s EULA before installing the software will see for themselves that Mobdro is pretty upfront about this unpopular ‘feature’. Users of the software that choose not to see adverts find themselves agreeing to become peers on the (in)famous Luminati network, meaning that their bandwidth and IP address can indeed be used by others.


It’s far from ideal (who wants their connections used by others apart from Hola users?) but the site that hosts the software makes this clear, to those who bother to read the small print at least. Which is probably very few people indeed, sadly.


TorrentFreak requested comment from the operators of the official Mobdro client but at the time of publication, we were yet to hear back.





If you don't like it you can use a cracked version or look at ads; you don't have to opt in to that. None of the Kodi addon forks where they remove the ads for this one seem to be working at the moment; they come and go, sometimes work, sometimes don't.


Mobdro done covered this already at Reddit; they're very upfront about what their app does and doesn't do.


A couple of things we would like to make clear:


  • The app is NOT Mining in the background, IT's NOT.
  • In exchange for not seeing ads the device becomes a peer in a network where it shares its network resources; this only happens under the following circumstances:
    • Device is plugged or over 60% battery.
    • Device is connected to Wifi or Ethernet.
    • Device is idle (not in use)
  • Again, it is NOT used for mining or anything similar.
  • The app does NOT collect any user data.
  • If you are not satisfied with that you can choose the ads option, which is the default option.
  • This process is completely transparent and can be activated or deactivated at will from settings.
  • The app does not activate ads mode or deactivate it without user approval, and also does not change from one mode to another in the background or anything like that. The user has to click and choose the mode they want.
  • The write and read to external storage permission is used for downloading app updates and using the download/casting features; without that the app can't work.
  • The app does not read any files from external storage not belonging to Mobdro. All the files the app uses can be found under /sdcard/Mobdro.
  • The location permission pretended use is to show streams near the user, but probably we will get rid of it in the next update.




Also, the Digital Citizens Alliance can't be trusted; they work for the MPAA and are part of the MAFIAA!



Group Accusing YouTube of Helping Hackers Has Ties to Film Lobby



This is the same group that claimed if you watch YouTube, hackers will hack you. :lmao:




  • Administrator

Concerning. But at the same time I did not know the app had the ability to disable ads. Thankfully I did not know / remember / use that.
