Malware hidden inside Simple Call Recorder app tricks user in downloading and installing an additional app.
Security researcher Lukas Stefanko discovered the malicious Simple Call Recorder app that uploaded on Google Play on November 30, 2017, and the app has more than 5,000 installs.
The app was published by FreshApps Group, the main purpose of the app is to download and install the app that mimics as Flash player update.
Once the app launched it decrypts the additional binary file carried in assets and dynamically loads it, Stefanko said. The app carries both the call recording functionality and the malicious script that downloads an additional app.
Stefanko said that “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”
He also found two other call recording apps on play store with the same functionality, but they didn’t contain malicious code. Seems the attacker uploaded these apps to use as an alternative source.
Stefanko recently spotted more than 50 malicious apps, with more than 350,000 installs spying users WhatsApp messages and other sensitive data such as browsing history, photos.
Look at the publish date. A fake app will have a recent published date.
Do a little research about the developer of the app you plan to install.
Very important – read all app permissions carefully.
Give careful consideration to the permission asked for by applications.
Download applications from trusted sources.
Stay up with the latest version.
Encrypt your devices.
Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…