A new piece of Android malware with several malicious capabilities has been circulating in the form of a malicious application that clones BatteryBot Pro, the best-rated battery indicator application for Android devices.
The fake BatteryBot offers almost the same features that a target (the user who downloads and installs it) would find in the legitimate BatteryBot Pro application; however, the clone also performs malicious activities in the background of the phones it is installed on. In particular, although the application appears to function like the genuine one, in the background it starts many ad libraries and eventually runs a click-jacking campaign. According to Zscaler, its other features include SMS fraud, ad fraud, and the automatic installation of other malicious applications.
The application's SMS activity is stealthy. The main display is the same as the original application's, but when the user taps “View Battery Use,” the malicious code sends a request to its command-and-control server to retrieve SMS short codes. Texts are then sent, and the resulting SMS fees appear on the user's bill.
The application was removed from the Google Play Store once Google became aware of its malicious intent; however, people who had already installed it are out of luck.
The research indicates that when someone installs this malicious application, it requires admin access, which gives the injected malware full control of the target's Android device. Because it starts with admin rights, the user cannot remove the application after installation. Awful.
“While in some of the scenarios we were able to manually delete the app, the malware authors have taken care to ensure persistence,” said Shivang Desai, the Zscaler expert who revealed the application. “The malware silently installs an app with a package name of com.nb.superuser, which runs as a different thread and resides on the device even if the app is forcefully deleted.”
Malicious Android applications are mostly built to look exactly like the original. But there is a simple way for users to defend themselves: do proper research and remain cautious of unnecessary admin privileges. It is as simple as that! While the original application (BatteryBot Pro) required minimal privileges, the fake application required complete admin control to obtain full control of the target's phone.
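A defender-side triage of the two checks described above, as an added example that is not from Zscaler or the original article: it looks for the com.nb.superuser package in `adb shell pm list packages` output and lists the permissions a suspect APK declares beyond a known-good baseline in `aapt dump permissions` output. The sample listings, the com.example.battery package name and the RISKY mapping are constructed assumptions.

```python
import re

# Package the page reports as silently installed for persistence.
DROPPER_PACKAGE = "com.nb.superuser"
# Assumption of this example: permissions that map to behaviours the
# article describes (SMS fraud, installing further applications).
RISKY = {
    "android.permission.SEND_SMS": "can send billable SMS",
    "android.permission.INSTALL_PACKAGES": "can install other apps",
}
USES_PERM = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def installed_packages(pm_output):
    """Parse `adb shell pm list packages` output into package names."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def declared_permissions(aapt_output):
    """Parse `aapt dump permissions` output (quoted or bare name form)."""
    matches = (USES_PERM.match(line.strip()) for line in aapt_output.splitlines())
    return {m.group(1) for m in matches if m}

def triage(pm_output, candidate_aapt, baseline_aapt):
    """Return findings for a device listing and a candidate vs. baseline APK."""
    findings = []
    if DROPPER_PACKAGE in installed_packages(pm_output):
        findings.append(f"indicator package present: {DROPPER_PACKAGE}")
    extra = declared_permissions(candidate_aapt) - declared_permissions(baseline_aapt)
    for perm in sorted(extra):
        note = RISKY.get(perm, "not requested by the baseline app")
        findings.append(f"extra permission {perm}: {note}")
    return findings

# Constructed sample data (not captured from a real device or APK).
PM_SAMPLE = "package:com.android.settings\npackage:com.nb.superuser\n"
BASELINE_SAMPLE = """package: com.example.battery
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""
CANDIDATE_SAMPLE = """package: com.example.battery
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.INTERNET'
uses-permission: android.permission.SEND_SMS
uses-permission: name='android.permission.INSTALL_PACKAGES'
"""

if __name__ == "__main__":
    for finding in triage(PM_SAMPLE, CANDIDATE_SAMPLE, BASELINE_SAMPLE):
        print(finding)
```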
“Malware authors tend to follow one of the following two methods for malware development: Create a malware app from scratch, or compromise a legit app by embedding malicious modules into it,” Desai said. “With Android being open source and an Android app being easily reversible, most of the malware developers tend to stick with the second option.”
So, users are encouraged to quickly check whether they are running the legitimate BatteryBot app, and to take action as soon as possible. If you can't recall searching the Google app store for a similar app recently, you are most likely safe!