Another Android Security-Related Discovery: First Kotlin-Based Malware in Google Play Store
Cyber security researchers have reportedly discovered what they think is the first Krotin-based malware affecting the Android OS.
The discovery has been made by researchers at Trend Micro; a Trend Micro blog post on the same says- “We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications.”
Kotlin, which was announced as an official Android development language at Google in 2017, is actually the third language fully supported for the Android platform, the other two being Java and C++.
The Trend Micro blog post further says- “The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad fraud. It can also sign up users for premium SMS subscription services without their permission.”
So, as the Trend Micro blog says, this Kotlin-based malware, which seems to have been downloaded from Google Play Store by 1000 to 5000 users, poses as a utility tool that helps clean and optimize Android devices. The post explains how it works- “Upon launching Swift Cleaner, the malware sends the victim’s device information to its remote server and starts the background service to get tasks from its remote C&C server. When the device gets infected the first time, the malware will send an SMS to a specified number provided by its C&C server…After the malware receives the SMS command, the remote server will execute URL forwarding and click ad fraud.”
Experts point out that this malware, by its nature, would remain unnoticed; the victims would most likely be in for a surprise, or rather a mild shock, when they get their next phone bill.
Trend Micro has reportedly told Google about the issue; it’s heard that Google Play Protect reportedly has protections in place to protect users from this new malware.
Kevin Jones168 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish her maiden business venture on Cybersecurity, and then to keep writing books for as long as possibly can and never miss a flight that makes the news.