IT security researchers at RiskIQ have discovered a unique malware campaign that targets Android devices to steal victims' personal information and generate revenue.
The campaign involves a battery saver Android application called “Advanced Battery Saver” on the Google Play Store. Surprisingly, once installed, it does exactly what it claims, including reducing battery strain, increasing battery life and killing processes that use unnecessary resources.
However, according to researchers at RiskIQ, the app at the same time gains permission to access sensitive log data, receive text messages (SMS), receive data from the Internet and have full network access, among others.
Furthermore, it runs an ad-clicker in the background that tricks users into clicking on ads and links to generate revenue for malware authors. Moreover, the ad-clicker steals device information including phone numbers, IMEI, model, brand, location and more.
“The text messages are used in combination with premium text messages from some of the ads it will be clicking. The content of the text messages is used in the ad-clicking by mapping the IDs for the messages back to the IDs from the ads—another source of income for the operators,” noted RiskIQ’s researchers Aaron Inness and Yonathan Klijnsma.
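The permission set described above can be looked for in an app's decoded manifest before the app is allowed on managed devices. The following is an added example, not code from RiskIQ or the original article; the mapping of the article's capability descriptions to Android permission strings, the battery-saver baseline and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities named in the article to permission strings.
ARTICLE_CAPABILITIES = {
    "android.permission.READ_LOGS": "access sensitive log data",
    "android.permission.RECEIVE_SMS": "receive text messages (SMS)",
    "com.google.android.c2dm.permission.RECEIVE": "receive data from Internet",
    "android.permission.INTERNET": "full network access",
}

# Hypothetical allow-list for a battery-saver utility; tune it to your own policy.
BATTERY_SAVER_BASELINE = {
    "android.permission.KILL_BACKGROUND_PROCESSES",
    "android.permission.BATTERY_STATS",
    "android.permission.WAKE_LOCK",
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:  # skip malformed entries that lack android:name
                names.add(name.strip())
    return names

def audit(manifest_xml, baseline=BATTERY_SAVER_BASELINE):
    """Compare requested permissions with the article's list and the baseline."""
    perms = requested_permissions(manifest_xml)
    return {
        "matches_article": sorted(p for p in perms if p in ARTICLE_CAPABILITIES),
        "outside_baseline": sorted(perms - set(baseline)),
        # SMS receipt plus network access is the pairing the article ties to premium-SMS ad clicking.
        "sms_with_network": {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"} <= perms,
    }

# Constructed sample manifest (not taken from the real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.batterysaver">
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission-sdk-23 android:name="com.google.android.c2dm.permission.RECEIVE"/>
  <uses-permission/>
</manifest>"""
```

Calling `audit(SAMPLE_MANIFEST)` returns the permissions that match the article's list, those outside the utility baseline, and whether SMS receipt is combined with network access.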
The malicious Advanced Battery Saver app is currently installed on around 60,000 devices worldwide, which implies that cybercriminals could be making a handsome profit while users are unaware of the app's real functionality.
RiskIQ dug further into the malware author using the email address listed in the app’s additional information section. It turns out that the same developer also uploaded a crypto-related app to the Play Store. At the time of publishing this article, that app had been removed by Google or deleted by the developer, so its basic functionality is unknown.
It does, however, indicate that getting a malicious app onto the Play Store is a piece of cake for cybercriminals. If you have installed the Advanced Battery Saver app on your device, remove it right now and run an anti-malware scan.
Android users must watch out for malware apps hosted on the Play Store and on third-party websites. Just yesterday, it was reported that cybercriminals are scamming unsuspecting users with malicious Fortnite apps while the company is yet to release the official app of the game on the Play Store.