OP 23 December, 2024 - 10:38 AM
Recently, McAfee Labs specialists discovered a malicious application called BMI CalculationVsn, which was distributed through the Amazon Appstore under the guise of a simple tool for calculating body mass index (BMI). Although the application looked harmless, it secretly collected a wealth of user data.
The app provided minimal functionality: users entered weight and height to get their BMI. However, behind this simple interface, there were malicious activities. Analysis showed that the app could record the device's screen by asking for permission when the "Calculate" button was pressed. This made it possible to theoretically capture passwords or data from other applications.
Other features include collecting information about installed applications, which potentially helps attackers select targets for attacks. Another security breach is the interception of all incoming SMS messages, including one-time passwords and verification codes. The intercepted data was stored in Firebase cloud storage.
McAfee's research showed that the malware was under development. The first versions, created in October 2024, were designed as a screen recording app. Later, it was disguised as a BMI calculator, adding the ability to steal SMS. Using Firebase with the test name "testmlwr" confirms that development is not yet complete.
The developer of the application is PT. Visionet Data Internasional", a well-known IT service provider in Indonesia. The attackers used its name to mislead users. This indicates that the authors may be related to Indonesia.
After McAfee's message, Amazon employees promptly removed the app from the store. However, the incident highlights the importance of mindfulness when installing apps. Users are advised to check the requested permissions, avoid dubious programs, and use anti-virus solutions to protect their data.
Malicious apps masquerading as harmless tools are becoming more sophisticated. Therefore, it is crucial to remain vigilant to secure your digital life.
The app provided minimal functionality: users entered weight and height to get their BMI. However, behind this simple interface, there were malicious activities. Analysis showed that the app could record the device's screen by asking for permission when the "Calculate" button was pressed. This made it possible to theoretically capture passwords or data from other applications.
Other features include collecting information about installed applications, which potentially helps attackers select targets for attacks. Another security breach is the interception of all incoming SMS messages, including one-time passwords and verification codes. The intercepted data was stored in Firebase cloud storage.
McAfee's research showed that the malware was under development. The first versions, created in October 2024, were designed as a screen recording app. Later, it was disguised as a BMI calculator, adding the ability to steal SMS. Using Firebase with the test name "testmlwr" confirms that development is not yet complete.
The developer of the application is PT. Visionet Data Internasional", a well-known IT service provider in Indonesia. The attackers used its name to mislead users. This indicates that the authors may be related to Indonesia.
After McAfee's message, Amazon employees promptly removed the app from the store. However, the incident highlights the importance of mindfulness when installing apps. Users are advised to check the requested permissions, avoid dubious programs, and use anti-virus solutions to protect their data.
Malicious apps masquerading as harmless tools are becoming more sophisticated. Therefore, it is crucial to remain vigilant to secure your digital life.
![[Image: Pcm4MpU.gif]](https://i.imgur.com/Pcm4MpU.gif)
![[Image: wLMMcvW.gif]](https://i.imgur.com/wLMMcvW.gif)
![[Image: ep6YLdC.jpeg]](https://i.imgur.com/ep6YLdC.jpeg)