In a raid at the Android app developer’s premises, the Spanish police arrested the operators of the controversial app and seized servers. The app broadcasted pirate video streams and secretly sold users’ personal data. It also turned smartphones into proxies and DDoS botnets.
Mobdro was distributed from a dedicated website that is still operating as of the time of writing. The app has been downloaded over 100 million times, according to the Spanish National Police.
Once users installed Mobdro they could access and view pirated video streams, most of them online sporting events.
Spanish officials began to investigate the app in 2018 after receiving complaints from a few soccer leagues, namely the English Premier League and the Spanish Football League.
With the help of Europol, Interpol, Eurojust, and authorities in Andorra, the police cracked down on the app developers. Among them the leader, a former Spanish citizen who relocated to Andorra, and three engineers.
Since last month, the Spanish police has conducted three house searches (2 in Spain and 1 in Andorra), four arrests (3 in Spain and 1 in Andorra), four court orders to take down domains, blocked 20 web domains and servers (one in Portugal and another one in Czechia), and frozen several bank accounts.
According to investigators and the seized documents, the Spanish company-developer of the app and server infrastructure made over €5 million.
The bulk of profits came from showing ads in the app and selling users’ data to advertisers.
But as the investigation progressed, the authorities learned about another source of revenue.
According to Spanish and Europol officials, the app developers were involved in a scheme with together with an unnamed company in which they used the users’ devices “as proxy bots in its anonymization offering and for DDoS attacks.”
The Record writers who reported the news, say industry experts to whom they spoke were not surprised by this.
The app has long been considered high-risk, as it was distributed not through the official Google Play Store, but from a third-party website. In fact, a 2019 Digital Citizens report [PDF] classified it as plain malware and warned about its code that could be abused to turn devices into botnets.