Daily Flux Report

Spyware distributed through Amazon Appstore | McAfee Blog

By McAfee Labs

Spyware distributed through Amazon Appstore | McAfee Blog

As smartphones have become an integral part of our daily lives, malicious apps have grown increasingly deceptive and sophisticated. Recently, we uncovered a seemingly harmless app called "BMI CalculationVsn" on the Amazon App Store, which is secretly stealing the package name of installed apps and incoming SMS messages under the guise of a simple health tool. McAfee reported the discovered app to Amazon, which took prompt action, and the app is no longer available on Amazon Appstore.

Figure 1. Application published on Amazon Appstore

On the surface, this app appears to be a basic tool, providing a single page where users can input their weight and height to calculate their BMI. Its interface looks entirely consistent with a standard health application. However, behind this innocent appearance lies a range of malicious activities.

Upon further investigation, we discovered that this app engages in the following harmful behaviors:

When the recording starts, the permission request dialog will be displayed.

According to our analysis of historical samples, this malicious app is still under development and testing stage and has not reached a completed state. By searching for related samples on VirusTotal based on the malware's package name (com.zeeee.recordingappz) revealed its development history. We can see that this malware was first developed in October 2024 and originally developed as a screen recording app, but midway through the app's icon was changed to the BMI calculator, and the payload to steal SMS messages was added in the latest version.

Figure 6. The Timeline of Application Development

The address of the Firebase Installation API used by this app uses the character "testmlwr" which indicates that this app is still in the testing phase.

According to the detailed information about this app product on the Amazon page, the developer's name is: "PT. Visionet Data Internasional". The malware author tricked users by abusing the names of an enterprise IT management service provider in Indonesia to distribute this malware on Amazon Appstore. This fact suggests that the malware author may be someone with knowledge of Indonesia.

To avoid falling victim to such malicious apps, we recommend the following precautions:

As cybercrime continues to evolve, it is crucial to remain vigilant in protecting our digital lives. Apps like "BMI CalculationVsn" serve as a stark reminder that even the simplest tools can harbor hidden threats. By staying alert and adopting robust security measures, we can safeguard our privacy and data.

Previous articleNext article

POPULAR CATEGORY

corporate

4512

tech

4975

entertainment

5506

research

2499

misc

5716

wellness

4362

athletics

5833