Categories: AndroidMalware

Call Recorder App on Google Play with Over 5,000 Installs Contains Hidden Malware Dropper

Malware hidden inside Simple Call Recorder app tricks user in downloading and installing an additional app.

Security researcher Lukas Stefanko discovered the malicious Simple Call Recorder app that uploaded on Google Play on November 30, 2017, and the app has more than 5,000 installs.

The app was published by FreshApps Group, the main purpose of the app is to download and install the app that mimics as Flash player update.

Once the app launched it decrypts the additional binary file carried in assets and dynamically loads it, Stefanko said. The app carries both the call recording functionality and the malicious script that downloads an additional app.

Stefanko said that “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”

He also found two other call recording apps on play store with the same functionality, but they didn’t contain malicious code. Seems the attacker uploaded these apps to use as an alternative source.

Stefanko recently spotted more than 50 malicious apps, with more than 350,000 installs spying users WhatsApp messages and other sensitive data such as browsing history, photos.

Common Tips to Catch Fake Android App

Look at the publish date. A fake app will have a recent published date.
Do a little research about the developer of the app you plan to install.
Very important – read all app permissions carefully.

Common Defences On Mobile Threats

Give careful consideration to the permission asked for by applications.
Download applications from trusted sources.
Stay up with the latest version.
Encrypt your devices.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

2 hours ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

2 hours ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

7 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago