Trend Micro security researchers have found a malicious application on Google Play that was written in the Kotlin programming language.
The malicious app, Swift Cleaner, posed as a utility for cleaning and optimizing Android devices; Trend Micro detects it as ANDROIDOS_BKOTKLIND.HRX. At the time it was found, the app had between 1,000 and 5,000 installs.
Kotlin was announced by Google in 2017 as an officially supported language for Android development. It is open source, and its features are meant to help developers write safer applications. What is not yet clear is how the malware's authors made use of the language when building their malicious code.
Trend Micro said the app is capable of a wide range of malicious activities, including remote command execution, information theft, sending SMS messages, URL forwarding and click fraud. It was also found to be designed to sign victims up for premium-rate SMS services without their consent.
Trend Micro explained that when the app is first launched, the malware sends the device's information to a remote server and starts a background service that fetches tasks from the command-and-control (C&C) server. On first infection, the malware also sends an SMS to a number supplied by the C&C server.
Once the malware has received the SMS command, the remote server initiates URL forwarding and click-ad fraud on the infected device.
For its click-fraud routine, the malware receives a task from the C&C server and uses the Wireless Application Protocol (WAP), a technical standard for accessing information over a mobile wireless network. It then injects malicious JavaScript code and replaces regular expressions so that it can parse the advertisement's HTML for a specific search string.
It then silently turns on the device's mobile data, decodes the base64-encoded image, cracks the CAPTCHA, and sends the completed task to the remote server.
The malware can also upload the user's service-provider information, login data and CAPTCHA images to the C&C server. Once this information has been uploaded, the C&C server automatically processes the victim's subscription to a premium SMS service, leaving the victim to pay the charges.
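The behaviour described above (SMS as a command channel, SMS sending, network access to a C&C server, device-information collection) leaves a footprint in an app's manifest that a reviewer can check before trusting a "cleaner" utility. The following Python script is an added example of that static triage; it is not Trend Micro's tooling or code from the app itself. It assumes the APK's AndroidManifest.xml has already been decoded to plain XML (real APKs store it in binary AXML, so decode with apktool or an AXML parser first), and the manifests, package names and class names it runs on are constructed samples, not the real app's identifiers. The Kotlin heuristic relies on the `kotlin/` runtime classes and `META-INF/*.kotlin_module` entries that Kotlin-compiled apps ship.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Permissions that together let an app take commands over SMS and sign the
# victim up for premium SMS services, the behaviour described for Swift Cleaner.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def sms_receivers(manifest_xml: str) -> list:
    """Return receiver class names whose intent-filter listens for incoming SMS."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(NAME_ATTR) == SMS_RECEIVED_ACTION:
                hits.append(receiver.get(NAME_ATTR))
                break
    return hits


def is_kotlin_built(entry_names) -> bool:
    """Kotlin-compiled apps ship the kotlin runtime and META-INF/*.kotlin_module entries."""
    return any(n.startswith("kotlin/") or n.endswith(".kotlin_module") for n in entry_names)


def triage_apk(apk_bytes: bytes) -> dict:
    """Static triage of an APK (a zip) whose AndroidManifest.xml is plain XML.

    Assumption: the manifest was decoded from binary AXML beforehand.
    """
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        manifest = zf.read("AndroidManifest.xml").decode("utf-8")

    perms = requested_permissions(manifest)
    receivers = sms_receivers(manifest)
    findings = []
    if perms & SMS_PERMISSIONS and "android.permission.INTERNET" in perms:
        findings.append("sms+internet: can send/receive SMS and talk to a C&C server")
    if receivers:
        findings.append("sms receiver: %s can act on incoming SMS (command channel)" % ", ".join(receivers))
    if "android.permission.READ_PHONE_STATE" in perms:
        findings.append("read_phone_state: can collect device and carrier identifiers")
    return {
        "kotlin": is_kotlin_built(names),
        "permissions": sorted(perms),
        "sms_receivers": receivers,
        "findings": findings,
    }


def build_sample_apk(manifest_xml: str, extra_entries=()) -> bytes:
    """Build a minimal APK-shaped zip in memory (constructed test input, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest_xml)
        for name in extra_entries:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed manifest modelled on the capabilities the report describes;
# the package and class names are placeholders, not the real app's identifiers.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Cleaner">
    <receiver android:name="com.example.cleaner.SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest for a cleaner that asks only for network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Benign"/>
</manifest>
"""

SUSPECT_APK = build_sample_apk(
    SUSPECT_MANIFEST, ["classes.dex", "META-INF/app.kotlin_module", "kotlin/KotlinVersion.class"]
)
BENIGN_APK = build_sample_apk(BENIGN_MANIFEST, ["classes.dex"])

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT_APK), ("benign", BENIGN_APK)):
        print(label, triage_apk(apk))
```

The permission combination is a heuristic, not a verdict: a legitimate messaging app requests the same permissions. What makes it worth a closer look here is the mismatch between what a cleaning utility needs and what it asks for, which is exactly the gap an app like Swift Cleaner exploits.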
According to Trend Micro, the issue was disclosed to Google, which confirmed that Google Play Protect has protections in place to shield users from this family of malicious apps.
Reference: SecurityWeek