Explorer

Amazon Takes Down BMI CalculationVsn App From Its Appstore After Spotting Android Malware In It

Marketed as a basic body mass index (BMI) calculator, the BMI CalculationVsn app concealed dangerous malware.

Researchers at McAfee Labs recently uncovered a malicious Android spyware app on the Amazon Appstore called BMI CalculationVsn. Disguised as a straightforward health tool, the app secretly harvested sensitive data from devices it infected. Upon being alerted by the researchers, Amazon promptly removed the app from the store.

However, users who downloaded it need to uninstall the app manually and run a comprehensive scan to ensure all remnants are completely removed.

Android Spyware On Amazon Store: What Do We Know?

The Amazon Appstore, a third-party marketplace for Android apps, comes pre-installed on Amazon Fire tablets and Fire TV devices. Among the apps available on the store was the malicious BMI CalculationVsn, published by "PT Visionet Data Internasional." Marketed as a basic body mass index (BMI) calculator, the app concealed a dangerous spyware operation.

When opened, the app presents a straightforward interface that performs BMI calculations as advertised. However, behind the scenes, it engages in covert activities. For instance, it activates a screen recording service, requesting the necessary permissions when users click the "Calculate" button. This action could easily deceive users into granting access without realising its implications.

ALSO READ | Samsung Galaxy S25 Ultra Leaks: Standard & Plus Model To Feature Colour Variants, Ultra To Come In 7 Titanium Shades

According to McAfee researchers, the recorded screen captures were saved locally as MP4 files but were not uploaded to a command-and-control (C2) server. This behaviour suggests the app might still have been in its early testing phase. Further investigation revealed that the app was first introduced on October 8. By the end of the same month, it had undergone significant changes, including a new icon, additional malicious features, and updated certificate information.

The app’s second malicious activity involves scanning the device to compile a list of all installed applications, enabling attackers to strategise their next moves. Additionally, the spyware intercepts and collects SMS messages stored or sent from the device, including sensitive data such as one-time passwords (OTPs) and verification codes.

Top Headlines

Xiaomi FX Mini LED TV Review: A Mini LED Wolf In Budget Clothing
Xiaomi FX Mini LED TV Review: A Mini LED Wolf In Budget Clothing
BGMI's Biggest Update Yet Lets You Swing, Climb And Fight Like Spider-Man
BGMI's Biggest Update Yet Lets You Swing, Climb And Fight Like Spider-Man
Google Is Using Your Photos And Voice To Train Its AI: Here Is How To Stop It
Google Is Using Your Photos And Voice To Train Its AI: Here Is How To Stop It
Want iPhone 17 Pro For Free? This Is Your Window Before The Deal Closes
Want iPhone 17 Pro For Free? This Is Your Window Before The Deal Closes

Videos

Ayodhya Watch: Govind Dev Giri Meets Champat Rai as Temple Donation Probe Draws Fresh Focus
Global Flash: Iran Rejects Trump’s Warning as New Statements Signal Rising Diplomatic Tensions
Global Alert: Strategic Iranian Sites Hit as Fresh Gulf Escalation Raises Global Security Concerns
Global Tension: US-Iran Frictions Deepen as Regional Security Concerns Rise During State Funeral
Monsoon Alert: Torrential Rain Floods Cities as Rising Waters Leave Large Parts of India Struggling

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget