Call Recorder App on Google Play with Over 5,000 Installs Contains Hidden Malware Dropper

Malware hidden inside Simple Call Recorder app tricks user in downloading and installing an additional app.

Security researcher Lukas Stefanko discovered the malicious Simple Call Recorder app that uploaded on Google Play on November 30, 2017, and the app has more than 5,000 installs.

The app was published by FreshApps Group, the main purpose of the app is to download and install the app that mimics as Flash player update.

Once the app launched it decrypts the additional binary file carried in assets and dynamically loads it, Stefanko said. The app carries both the call recording functionality and the malicious script that downloads an additional app.

Stefanko said that “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”

He also found two other call recording apps on play store with the same functionality, but they didn’t contain malicious code. Seems the attacker uploaded these apps to use as an alternative source.

Stefanko recently spotted more than 50 malicious apps, with more than 350,000 installs spying users WhatsApp messages and other sensitive data such as browsing history, photos.

Common Tips to Catch Fake Android App

Look at the publish date. A fake app will have a recent published date.
Do a little research about the developer of the app you plan to install.
Very important – read all app permissions carefully.

Common Defences On Mobile Threats

Give careful consideration to the permission asked for by applications.
Download applications from trusted sources.
Stay up with the latest version.
Encrypt your devices.