Cyber Security News

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package names and incoming SMS messages, posing a significant privacy threat.

The BMI calculator app conceals malicious intent, as the app’s primary function is a smokescreen for a variety of harmful activities, likely involving data theft, unauthorized access, or other cyberattacks

Application published on Amazon Appstore

It secretly initiates screen recording upon user interaction, potentially capturing sensitive information like passwords.

While the current implementation doesn’t upload recordings, the malicious potential remains, indicating a work-in-progress threat.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

By scanning the device to compile a list of all applications that have been installed, the application can either identify users who are the targets of complex attacks or prepare for such attacks.

It intercepts all incoming SMS messages on the device, potentially capturing sensitive information like one-time passwords (OTPs) and verification codes. The stolen data is then uploaded to a Firebase storage bucket named “testmlwr-d4dd7.appspot.com.”

Upload User Data

The “com.zeeee.recordingappz” malware, initially a screen recorder, evolved into an SMS-stealing app in October 2024, as its current state suggests ongoing development and testing phases.

Based on the presence of the “testmlwr” character in the Firebase Installation API address, it can be deduced that the application is still undergoing testing.

Cybercriminals exploited the reputation of a legitimate Indonesian IT service provider to distribute malware disguised as a legitimate app on the Amazon Appstore, suggesting potential ties between the attackers and Indonesia.

The Timeline of Application Development

To protect devices from malicious apps, users should install trusted antivirus software, carefully review app permission requests, and monitor their devices for unusual behavior like performance degradation, battery drain, or excessive data usage.

According to McAfee, even benign apps like “BMI CalculationVsn” can pose security risks. To protect digital privacy, users must remain vigilant and employ strong security measures to mitigate potential cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Aman Mishra

Recent Posts

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

2 hours ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

2 hours ago

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…

2 hours ago

New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…

2 hours ago

DigiEver IoT Devices Exploited To Deliver Mirai-based Malware

A new Mirai-based botnet, "Hail Cock Botnet," has been exploiting vulnerable IoT devices, including DigiEver…

2 hours ago

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard…

2 hours ago