Malicious Android App Reads SMS and sends it to the Attacker

Another malware application was able to get around Google Play Store security checks. The app lets attackers discreetly read and access SMS messages on infected devices so that they can be used to create accounts on services such as Microsoft, Google, and others.

The aforementioned software is a bogus Android SMS app with 100,000 downloads on Google Play. Infected devices are rented out as “Virtual Numbers,” which transmit SMS messages and are used to create new service accounts.

While the app has a 3.4 overall rating, many user reviews claim that it is a scam, that it hijacks their phones, and that it produces several OTPs (one-time passwords) upon installation.

“Fake app I just download this app 4-5 times of OTP via Google, Airtel payment, Bank OTP, dream11 OTP, etc. Type of OTP arrives at the moment of login,” one user stated.

Maxime Ingrao, an Evina Security researcher, discovered the malicious app.

Despite the fact that it has already been reported, the app is still available on the Google Play Store.