HQ/EMEAFind out how we can help your business
A newly discovered Android spyware dubbed BMI CalculationVsn offers itself as a legitimate health app on the Amazon App Store.
Reports stated that the malware disguises itself as a health tool to harvest data from compromised devices. As of now, Amazon has already removed the app after receiving reports about its existence.
However, app users who installed the malicious program must manually uninstall and complete a scan to remove any remaining traces.
Amazon Appstore is a third-party Android software store pre-installed on Amazon Fire tablets and Fire TV devices. It also serves as an alternative to Google Play for Android device owners who cannot use Google’s platform, and it includes exclusive Amazon Prime games and entertainment.
The BMI CalculationVsn spyware tricks users by being a simple BMI calculator app.
The developers of the BMI CalculationVsn spyware program market the malicious app as a simple body mass index (BMI) calculator.
Investigations revealed that opening the malicious program directs the user to a simple UI that fulfils the advertised functions, such as calculating their BMI. However, additional malicious operations are running in the background.
Once the user selects the ‘Calculate’ button, the app launches a screen recording service that requests the necessary permissions. This activity would fool users and lead to automatic approvals.
The researchers explained that the footage is locally kept in an MP4 file but was not transferred to a C2 server, most likely because the program is still in its early testing development phase. Further research also uncovered the app’s history and discovered that it initially surfaced in the threat landscape on October 8.
By the end of the month, it had changed its icon, adopted additional dangerous features, and updated the certificate information. The app’s second dangerous feature is scanning the device for all installed apps, enabling its operators to plan their next steps.
Finally, the spyware intercepts and gathers SMS messages sent and saved on the device, such as OTPs and verification codes.
Harmful programs can still bypass code review flaws in trustworthy stores like the Amazon Appstore; hence, Android users should only install apps from legitimate publishers. It is also advisable to review requested permissions before granting them.
