Malicious Android App On Amazon Appstore Distributed Spyware

Researchers found a malicious Android app on the Amazon Appstore that targeted users with spyware. The app tricked users into downloading the malware by offering seemingly legit BMI calculation services, requiring them to give the app explicit device access.

Amazon Appstore Android App Caught Deploying Spyware

Researchers from McAfee Labs have caught a new malicious campaign targeting Android users in the wild. This time, the threat actors chose Amazon Appstore to offer the malicious Android app, which includes spyware.

The app, named “BMI CalculationVsn,” looked like a legitimate BMI calculator and even offered the claimed functionality to avoid raising alarms. However, it kept running malicious actions in the background to steal device information.

Specifically, the attack began when a victim downloaded the app from the Appstore, believing it to be a health tool. Once downloaded, the app would start requesting explicit access permissions on the device, even for unrelated components such as SMS messages and the list of installed apps. The app would also perform malicious functions, such as screen recording, to steal users’ data.

Interestingly, the app would mention these permissions in the request window, which an unsuspecting user might easily allow.

According to the researchers, the app initially emerged as a screen recording application in October 2024. However, the threat actors modified the app in the following days, transforming it into a BMI calculator and adding more malicious functionalities.

Nonetheless, the app still seemed to be under development, as it merely stored all the stolen information in an mp4 file without transferring it to the C&C server.

To avoid raising concerns, the attackers also adopted the name “PT. Visionet Data Internasional” to pose as the legit Indonesian IT MSP firm.

The researchers have shared a detailed analysis of this spyware in their post.

App Removed From The Appstore

Following this discovery, the researchers reported the matter to Amazon, eventually getting the app removed from the Appstore.

However, it might still be running on the devices where it was downloaded. Thus, users must check their devices manually for this app and remove it. Moreover, the researchers also advise users to equip their devices with a robust antimalware solution to avoid potential threats.
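For the manual device check, the permission mix described earlier (SMS, installed-app list, screen recording) is itself a usable signal. The following added example is not from the researchers' report or from this article: it flags packages whose requested permissions span at least two of those groups. The sample text is constructed and modelled on `adb shell dumpsys package` output, the package names are hypothetical, and the mapping of behaviours to specific Android permission names is an assumption.

```python
import re

# Permission groups matching the behaviour described above: SMS access,
# installed-app enumeration, and a screen-capture (media projection) service.
# The choice of permission names per group is an assumption of this example.
RISK_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "app_list": {"android.permission.QUERY_ALL_PACKAGES"},
    "screen_capture": {"android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"},
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^([A-Za-z0-9_.]+\.[A-Za-z0-9_]+)(?::.*)?$")

# Constructed sample modelled on `adb shell dumpsys package`; names are hypothetical.
SAMPLE_DUMP = """\
  Package [com.example.bmicalc] (1a2b3c):
    userId=10234
    requested permissions:
      android.permission.READ_SMS: restricted=true
      android.permission.QUERY_ALL_PACKAGES
      android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
    install permissions:
      android.permission.QUERY_ALL_PACKAGES: granted=true
  Package [com.example.messenger] (4d5e6f):
    requested permissions:
      android.permission.READ_SMS: restricted=true
      android.permission.INTERNET
"""

def parse_requested(dump):
    """Return {package: set of permissions under 'requested permissions:'}."""
    pkgs, current, in_section = {}, None, False
    for line in dump.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current, in_section = pkg.group(1), False
            pkgs[current] = set()
        elif current and line.strip() == "requested permissions:":
            in_section = True
        elif in_section:
            perm = PERM_RE.match(line.strip())
            in_section = bool(perm)  # any non-permission line ends the section
            if perm:
                pkgs[current].add(perm.group(1))
    return pkgs

def flag_packages(dump, min_groups=2):
    # A single group (e.g. an SMS app reading SMS) is not flagged on its own.
    hits = {p: sorted(g for g, names in RISK_GROUPS.items() if perms & names)
            for p, perms in parse_requested(dump).items()}
    return {p: groups for p, groups in hits.items() if len(groups) >= min_groups}
```

A flagged package is a candidate for review against what the app claims to do, not a verdict; a calculator has no functional need for any of the three groups.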
