Malicious Application Discovered on Amazon Appstore

Be careful with what you download.
December 23, 2024
 / 
meritsolutions
 / 
Image

In general, it’s best practice to only download apps from official app stores. You might assume then that if you install a new program from something like the Amazon Appstore, you’re safe. As it turns out, that’s not always the case.

As reported by Bleeping Computer, researchers have discovered a malicious app hiding on the Amazon Appstore. The app in question is called “BMI CalculationVsn,” developed by PT Visionet Data Internasional. As advertised, the app is a BMI (body mass index) calculator, but, as researchers from McAfee Labs discovered, the app is actually malicious.

When you download and open the app on your smartphone, you see what you’d expect: an interface for calculating BMI. However, when you click “Calculate,” the app asks for permission to record your display—something an app like this should never need.

From here, the app scans your smartphone, identifying all of the apps installed on the device. Then, it steals SMS messages from your phone, including both texts you send as well as any stored on your device. Unfortunately, that means your multi-factor authentication codes are vulnerable to theft.

As a general reminder, always double-check the apps you download, even when downloaded from an official app store. If an app’s developer seems like it has an odd name, such as “PT Visionet Data Internasional,” exercise caution. Investigate the reviews for the app, and look for both negative reviews, as well as positive reviews that seem artificial.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.