A malicious Android spyware app called BMI CalculationVsn was discovered on the Amazon Appstore, posing as a simple health tool but secretly stealing user data. The app, developed by "PT Visionet Data Internasional," promised to calculate BMI but engaged in harmful activities in the background.
1. Screen Recording: The app launched a screen recording service after users clicked the "Calculate" button. While recordings were stored locally, there was no evidence of uploads to a command-and-control (C2) server, likely due to its developmental stage.
2. Application Scanning: It scanned installed applications on infected devices, enabling attackers to plan further malicious activities.
3. SMS Interception: The spyware intercepted and collected SMS messages, including one-time passwords (OTPs) and verification codes.
The spyware first appeared on October 8, 2024, evolving its malicious capabilities over time. McAfee Labs researchers identified the app and informed Amazon, leading to its removal from the App Store.
* Uninstall Immediately: Users who downloaded the app should remove it and perform a comprehensive device scan.
* Scrutinize Permissions: Avoid granting excessive permissions to apps and review them regularly.
* Enable Google Play Protect: Ensure this feature is active to detect and block known malware.
* Stick to Trusted Publishers: Only install apps from verified developers and scrutinize less-known applications.
