Amazon Appstore used to spread Android malware — delete this malicious app right now


Even if you’re not sideloading apps, you still need to be careful when downloading new ones from official app stores as you might just end up with a malicious app that can infect even the best Android phones with dangerous malware.

Case in point, McAfee Labs researchers have discovered a bad app masquerading as a legitimate health app on the Amazon Appstore. While not nearly as popular as the Google Play Store, Amazon’s app store works on phones as well as the best Android tablets, though it comes pre-installed on the ecommerce giant’s own Fire tablets and Fire TV devices.

Now that Google has been working hard to lock down the Play Store, hackers have turned to third-party app stores as a means of distributing their malicious apps. I wouldn’t be surprised if they tried something similar on Samsung’s Galaxy Store going forward.

Here’s everything you need to know about this new malicious app, what to do next to remove it from your phone if you have it installed, and some tips to help you stay safe from Android malware.

Hiding in a health utility app

Screenshots from the malicious BMI CalculationsVsn app McAfee's researchers discovered on the Amazon Appstore (Image credit: McAfee / Tom's Guide)

As reported by BleepingComputer, the app in question is called BMI CalculationsVsn and, up until recently, was being promoted as a simple body mass index (BMI) calculator.

When opened, the app appears to be fairly simple with a single page where users can input their weight and height to calculate their BMI. However, while its user interface does look like a standard health app, it’s performing a range of malicious activities in the background.

In its report on the matter, McAfee’s researchers explain that the app starts recording the user’s screen whenever they tap the “Calculate” button to find out their BMI. A pop-up asking for the permissions needed to record the screen appears, and if the user taps “Start now” the malicious app begins recording.

McAfee believes this functionality is most likely used to capture gesture passwords or sensitive data from other apps. However, the firm’s researchers found that the app’s developer “PT Visionet Data Internasional” wasn’t quite ready to make use of this function since the app doesn’t upload the mp4 video files it captures to a command and control (C2) server.

At the same time though, this malicious app is also able to scan a victim’s device to retrieve a list of all of their other installed apps. This info could then be used to identify potential targets as well as to plan out more advanced attacks. Likewise, the BMI CalculationsVsn app also collects every text message received on an infected phone. This is likely done to capture one-time passwords (OTP), verification codes or other sensitive information sent via text.
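A defender-side check for the two behaviours just described (reading texts and enumerating installed apps), added here as an example; it is not McAfee’s tooling or anything from the article. It parses the text of `adb shell dumpsys package` and flags apps that have been granted SMS or app-enumeration permissions; the sample dump below is constructed and the package name `com.example.bmicalc` is a placeholder, since the article does not give the real one.

```python
import re

# Permissions a simple utility such as a BMI calculator has no business holding:
# READ_SMS/RECEIVE_SMS expose incoming texts (OTP codes included) and
# QUERY_ALL_PACKAGES lets an app enumerate everything installed (Android 11+).
SUSPICIOUS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.QUERY_ALL_PACKAGES",
}

# Constructed sample in the shape of `adb shell dumpsys package` output.
# com.example.bmicalc is a placeholder, not the real app's package name.
SAMPLE_DUMPSYS = """\
Package [com.example.bmicalc] (a1b2c3d):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.QUERY_ALL_PACKAGES: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (d4e5f6a):
    install permissions:
      android.permission.INTERNET: granted=true
"""

PKG_RE = re.compile(r"^Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s+(android\.permission\.[A-Z_]+): granted=true")

def granted_permissions(dump):
    """Map each package in the dump to the set of permissions actually granted."""
    result, current = {}, None
    for line in dump.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:  # start of a new package section
            current = pkg.group(1)
            result[current] = set()
            continue
        perm = PERM_RE.match(line)
        if perm and current:  # install or runtime permission with granted=true
            result[current].add(perm.group(1))
    return result

def flag_suspicious(dump, allowlist=()):
    """Packages holding SMS or app-enumeration permissions, minus allowlisted ones."""
    return {pkg: sorted(perms & SUSPICIOUS)
            for pkg, perms in granted_permissions(dump).items()
            if pkg not in allowlist and perms & SUSPICIOUS}
```

Screen capture via MediaProjection is granted through the runtime prompt the article describes rather than a manifest permission, so it does not show up in this check; pass your default SMS app’s package in `allowlist` to suppress its expected hit.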

The app itself was uploaded to the Amazon Appstore at the beginning of October of this year. While it started out as a screen recording app, its creators pivoted halfway through its development cycle and changed it to a BMI calculator with its original screen recording capabilities still enabled. Its app icon was also changed to reflect this.

Fortunately, McAfee reached out to Amazon upon discovering this malicious app and it has since been delisted. If you happened to install it on your Android phone or tablet while it was still up though, you’re going to need to manually delete it from your device.

How to stay safe from Android malware


Since bad apps have a habit of ending up on official app stores like the Google Play Store and in this case, the Amazon Appstore, you need to be extremely careful when downloading any new app.

This means checking its ratings and reviews, but since these can be faked, it’s always a good idea to look for external reviews or even a video review, since they show you the app in question in action. You also want to look into an app’s developer to make sure they’re legit. A good way to avoid installing a malicious app on your Android devices is to stick with known, trusted apps that often show up on a respective app store’s top charts.

As for staying safe from Android malware, your first line of defense should be Google Play Protect as it comes pre-installed on most Android devices. This free security app scans all of your existing apps and any new ones you download for malware, even if you didn’t happen to download them from the Play Store. For extra protection though, I highly recommend using one of the best Android antivirus apps alongside Google Play Protect. They’re updated more frequently and often include other useful extras like a password manager or a VPN.

Hackers, scammers and other cybercriminals have been using malicious apps as a way to infect people with malware for years now and as such, I don’t think they’re going to stop doing so anytime soon. This is why it’s up to you to be security savvy and exercise caution when installing new apps on your Android smartphone or tablet.


Anthony Spadafora
Managing Editor, Security and Home Office
