Amazon Takes Down BMI CalculationVsn App From Its Appstore After Spotting Android Malware In It

Marketed as a basic body mass index (BMI) calculator, the BMI CalculationVsn app concealed dangerous malware.

By : ABP News Bureau | Updated at : 21 Dec 2024 04:00 PM (IST)

Amazon Appstore BMI CalculationVsn App Android Malware Found Removed Amazon Takes Down BMI CalculationVsn App From Its Appstore After Spotting Android Malware In It

Users who downloaded BMI CalculationVsn app need to uninstall it manually and run a comprehensive scan to ensure all remnants are completely removed.

Source : Pixabay/Geralt

Researchers at McAfee Labs recently uncovered a malicious Android spyware app on the Amazon Appstore called BMI CalculationVsn. Disguised as a straightforward health tool, the app secretly harvested sensitive data from devices it infected. Upon being alerted by the researchers, Amazon promptly removed the app from the store.

However, users who downloaded it need to uninstall the app manually and run a comprehensive scan to ensure all remnants are completely removed.

Android Spyware On Amazon Store: What Do We Know?

The Amazon Appstore, a third-party marketplace for Android apps, comes pre-installed on Amazon Fire tablets and Fire TV devices. Among the apps available on the store was the malicious BMI CalculationVsn, published by "PT Visionet Data Internasional." Marketed as a basic body mass index (BMI) calculator, the app concealed a dangerous spyware operation.

When opened, the app presents a straightforward interface that performs BMI calculations as advertised. However, behind the scenes, it engages in covert activities. For instance, it activates a screen recording service, requesting the necessary permissions when users click the "Calculate" button. This action could easily deceive users into granting access without realising its implications.

ALSO READ | Samsung Galaxy S25 Ultra Leaks: Standard & Plus Model To Feature Colour Variants, Ultra To Come In 7 Titanium Shades

According to McAfee researchers, the recorded screen captures were saved locally as MP4 files but were not uploaded to a command-and-control (C2) server. This behaviour suggests the app might still have been in its early testing phase. Further investigation revealed that the app was first introduced on October 8. By the end of the same month, it had undergone significant changes, including a new icon, additional malicious features, and updated certificate information.

The app’s second malicious activity involves scanning the device to compile a list of all installed applications, enabling attackers to strategise their next moves. Additionally, the spyware intercepts and collects SMS messages stored or sent from the device, including sensitive data such as one-time passwords (OTPs) and verification codes.