Malicious Android App On Amazon Appstore Distributed Spyware

Researchers recently discovered a malicious Android app on the Amazon Appstore that was designed to target users with spyware. The app lured users into downloading it by offering what seemed to be legitimate BMI calculation services, but it actually required users to grant explicit device access.

Amazon Appstore Android App Caught Deploying Spyware

A new malicious campaign targeting Android users has been uncovered by researchers from McAfee Labs. This time, the threat actors chose the Amazon Appstore as the platform to distribute the malicious Android app, which contained spyware.

The app, known as “BMI CalculationVsn,” appeared to be a legitimate BMI calculator app to avoid suspicion. However, behind the scenes, the app carried out malicious activities to steal device information.

The attack would commence when a user downloaded the app from the Appstore, believing it to be a health tool. Upon installation, the app would begin requesting explicit access permissions on the device, including access to unrelated components such as SMS messages and a list of installed apps. Additionally, the app would engage in malicious actions like screen recording to harvest user data.

Notably, the app would outline these permissions in the request window, which could easily deceive an unsuspecting user into granting them.

According to the researchers, the app initially appeared as a screen recording application in October 2024. However, the threat actors later transformed it into a BMI calculator while adding more malicious functionalities.

Despite these advancements, the app appeared to still be in development stage as it only stored the stolen information in an mp4 file without transmitting it to a command and control (C&C) server.

To avoid suspicion, the attackers also used the name “PT. Visionet Data Internasional” to masquerade as a legitimate Indonesian IT managed service provider (MSP) firm.

The researchers have provided a detailed analysis of this spyware in their post.

App Removed From The Appstore

Upon discovering this threat, the researchers promptly notified Amazon, leading to the removal of the app from the Appstore.

However, the app may still be present on devices where it was previously installed. Therefore, users are advised to manually check their devices for the presence of this app and remove it. Additionally, it is recommended for users to equip their devices with a reliable anti-malware solution to mitigate potential risks.

We welcome your thoughts and feedback in the comments section.