A new form of mobile malware designed for multiple malicious activities has appeared, in the form of a camouflaged app that is a copy of the legitimate BatteryBot Pro app.
The fake app provides the same functionality to the victim as the original version of BatteryBot Pro, but at the same time performs malicious activity in the background.
Although the app seems to work properly, its back end tries to load various ad libraries, eventually delivering a click-fraud campaign.
According to Zscaler, other features include adware fraud, SMS fraud, and installing additional malicious APKs.
The malicious app appears to work normally. Its main activity is the same as that of the genuine app, but when the user clicks "View Battery Use," the malware sends requests to the command and control server to retrieve the short codes for the premium-rate SMS numbers. The total cost of the messages sent will be added to the user's account.
The app was removed from the Play Store as soon as Google was notified of its malicious activity, but the situation is bad for those who have already installed it.
After the malicious app is installed, it requires administrative access, which gives the malware developer full control over the victim's device.
Because it runs with administrator privileges, the user and owner of the infected device cannot remove it after installation.
Camouflaged fake Android apps are all too common. While the genuine BatteryBot Pro app required minimal permissions, the fake app required full admin access in order to gain full control over the victim's device.
For this reason, users must be suspicious and very careful, and should research the permissions thoroughly before deciding to install an application on their mobile device.
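The permission comparison described above can be automated against manifests decoded from a known-good APK and a suspect copy. This Python sketch is an added example, not code from Zscaler or the original article; both manifests and the package name are constructed for illustration, and only the permission and action names are standard Android identifiers.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Capability the article ties to the fake app's premium-rate SMS fraud.
HIGH_RISK = {"android.permission.SEND_SMS"}

# Constructed sample manifests (NOT the real apps' manifests); package name is hypothetical.
GENUINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.battery">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application/>
</manifest>"""

SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.battery">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID + "name") for e in root.iter("uses-permission")}

def requests_device_admin(manifest_xml):
    """True if any receiver is wired up as a device administrator."""
    root = ET.fromstring(manifest_xml)
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in receiver.iter("action")}
        if (receiver.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                or "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            return True
    return False

def compare(baseline_xml, candidate_xml):
    """Report what the candidate requests beyond the known-good baseline."""
    added = permissions(candidate_xml) - permissions(baseline_xml)
    return {
        "added_permissions": sorted(added),
        "high_risk": sorted(added & HIGH_RISK),
        "new_device_admin": requests_device_admin(candidate_xml)
                            and not requests_device_admin(baseline_xml),
    }

if __name__ == "__main__":
    print(compare(GENUINE, SUSPECT))
```

Any newly added SMS permission or device-administrator receiver in an app that claims to be an unchanged copy of a known one is a reason not to install it.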