Posted on June 22, 2018 at 7:49 PM

Play Store’s Malicious Battery Saver App Infects Over 60,000 Devices

A new malware campaign targeting Android users has been discovered on Google Play Store. The campaign revolves around a battery saver app called Advanced Battery Saver, which is infected with malware designed to steal device’s information and generate revenue.

Google Play Store hosts yet another malicious app

According to the RiskIQ’s researchers, a new malicious campaign now threatens the safety of information belonging to Android users. The app called Advanced Battery Saver, which can be found on Google Play Store was infected with a unique malware, designed to generate revenue and steal information from the device simultaneously.

Surprisingly enough, the app which is designed to reduce the energy consumption of the phone actually does what it promises. The researchers were able to confirm that the app actually increases the life of the battery, and kills unnecessary processes that are using extra resources. The bad news is that the app comes with a malware that can access phone’s log data through the permissions gained by the app. Not only that, but the app is capable of receiving texts, and even Internet data, and a complete access to the network.

The malware also uses the app to run a background ad-clicker, which forces the user to click on various links and ads that end up generating revenue for the hackers responsible for the malware. Additionally, this very same ad-clicker can also steal personal data like IMEI, phone numbers, brand and model of the phone, and even its precise location.

Yonathan Klijnsma and Aaron Inness, two of the researchers working for RiskIQ, have stated that the ad-clicker combines the texts with premium messages received from some of the ads. The malware uses the content of these ad-based texts to map message IDs, which creates even more income for the malware authors.

The worst part is that this app is currently present on more than 60,000 Android devices around the world. With those numbers, the cybercriminals responsible are probably making quite a profit, while their victims are not even aware that they are being used.

This is not the only app from this developer

After the security firm decided to dig some more, they discovered via malware author’s email that there is another app posted on the Play Store by the same developer, The second app is crypto-related, but it has been either removed by the Play Store, or by the developer themselves, which makes it impossible to determine its functionality at this point.

Still, this is further proof that hackers and cybercriminals do not have issues with uploading malware-infected apps on the Play Store.

As for those who have Advanced Battery Saver installed on their device, it is advised that they remove it immediately, and scan the devices with anti-malware software. Finding apps like this has become something of a regularity even on Google Play Store, but the biggest threat still comes from the apps downloaded by third-party sites.

This is confirmed by reports that came recently, and which revolve around scamming campaign that includes malicious apps related to a popular game called Fortnite. The official app has yet to be released on the Play Store, but the malware-infected version of the same app is already in circulation via unofficial app sites.