Saturday, September 7, 2024
HomeMalwareNew Programming Language "Kotlin" used for Developing an Android Malware

New Programming Language “Kotlin” used for Developing an Android Malware

Published on

An Open-source Programming language “kotlin” has bee used to develop malicious Android apps that are capable of hijacking an Android mobile and as a similar malicious Android app called Swift Cleaner has discovered in Google Play store.

In May 2017 Google announced kotlin Programming language to Develop an Android application and the Android team has seen more than 17 percent of Android Studio projects use Kotlin.

Top Giant Android apps such as Netflix, Pinterest, Twitter are the top apps that using kotlin programming language.

- Advertisement - EHA

The same language used a Malicious Andoird application called “Swift Cleaner” an android utility for cleans and optimizes Android devices found in Google Play Store.

This Malicious app capable of performing click fraud, execute the remote command, stealing the user information also sign up users for premium SMS subscription services without their permission.

How the Malicious works – Swift Cleaner

Once user download and install this malicious app on their device, it collects the user device information and sends it across to its command and control server.

Later it starts background services that keep running for receiving a task from its command & control server.

This malware sending an SMS to a specific number that provided by its C&C server when user infect at the first time.

Later the malware receives the SMS command, the remote server will execute URL forwarding and click ad fraud also this malware performing the Wireless Application Protocol (WAP) task by executing the remote command from C&C Server.

Accoirnding to Trend Micro, the injection of the malicious Javascript code will take place, followed by the replacement of regular expressions, which are a series of characters that define a search pattern. This will allow the malicious actor to parse the ads’ HTML code in a specific search string

It also performs some advanced functions such as uploading service provider information, CAPTCHA, and login information to C&C, by having that information it enables premium SMS service subscription at victim cost.

Common Defences On Mobile Threats

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group

FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is...

Lazarus Hackers Attacking Job-Seekers to Deliver Javascript Malware

The Lazarus Group is one of the most notorious hacker groups linked to the...