Thursday, January 23, 2025
HomeCyber Security NewsMalicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

Published on

SIEM as a Service

Follow Us on Google News

A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package names and incoming SMS messages, posing a significant privacy threat.

The BMI calculator app conceals malicious intent, as the app’s primary function is a smokescreen for a variety of harmful activities, likely involving data theft, unauthorized access, or other cyberattacks

Application published on Amazon Appstore
Application published on Amazon Appstore

It secretly initiates screen recording upon user interaction, potentially capturing sensitive information like passwords.

While the current implementation doesn’t upload recordings, the malicious potential remains, indicating a work-in-progress threat.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

By scanning the device to compile a list of all applications that have been installed, the application can either identify users who are the targets of complex attacks or prepare for such attacks.

It intercepts all incoming SMS messages on the device, potentially capturing sensitive information like one-time passwords (OTPs) and verification codes. The stolen data is then uploaded to a Firebase storage bucket named “testmlwr-d4dd7.appspot.com.”

Upload User Data
Upload User Data

The “com.zeeee.recordingappz” malware, initially a screen recorder, evolved into an SMS-stealing app in October 2024, as its current state suggests ongoing development and testing phases.

Based on the presence of the “testmlwr” character in the Firebase Installation API address, it can be deduced that the application is still undergoing testing.

Cybercriminals exploited the reputation of a legitimate Indonesian IT service provider to distribute malware disguised as a legitimate app on the Amazon Appstore, suggesting potential ties between the attackers and Indonesia.

The Timeline of Application Development
The Timeline of Application Development

To protect devices from malicious apps, users should install trusted antivirus software, carefully review app permission requests, and monitor their devices for unusual behavior like performance degradation, battery drain, or excessive data usage.

According to McAfee, even benign apps like “BMI CalculationVsn” can pose security risks. To protect digital privacy, users must remain vigilant and employ strong security measures to mitigate potential cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...