Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package names and incoming SMS messages, posing a significant privacy threat.

The BMI calculator app conceals malicious intent, as the app’s primary function is a smokescreen for a variety of harmful activities, likely involving data theft, unauthorized access, or other cyberattacks. 

It secretly initiates screen recording upon user interaction, potentially capturing sensitive information like passwords.

While the current implementation doesn’t upload recordings, the malicious potential remains, indicating a work-in-progress threat.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

By scanning the device to compile a list of all applications that have been installed, the application can either identify users who are the targets of complex attacks or prepare for such attacks.

It intercepts all incoming SMS messages on the device, potentially capturing sensitive information like one-time passwords (OTPs) and verification codes. The stolen data is then uploaded to a Firebase storage bucket named “testmlwr-d4dd7.appspot.com.”

The “com.zeeee.recordingappz” malware, initially a screen recorder, evolved into an SMS-stealing app in October 2024, as its current state suggests ongoing development and testing phases.

Based on the presence of the “testmlwr” character in the Firebase Installation API address, it can be deduced that the application is still undergoing testing.

Cybercriminals exploited the reputation of a legitimate Indonesian IT service provider to distribute malware disguised as a legitimate app on the Amazon Appstore, suggesting potential ties between the attackers and Indonesia.

To protect devices from malicious apps, users should install trusted antivirus software, carefully review app permission requests, and monitor their devices for unusual behavior like performance degradation, battery drain, or excessive data usage.

According to McAfee, even benign apps like “BMI CalculationVsn” can pose security risks. To protect digital privacy, users must remain vigilant and employ strong security measures to mitigate potential cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free