Yet another malicious call recording application has been discovered on Google’s PlayStore by malware researcher Lukas Stefanko. The app, called Simple Call Recorder published by FreahApps Group, already had over 5000 installs and has been available on the PlayStore since November 30, 2017.
Despite being a normal call recording app, Simple Call Recorder tricked users into donwloading an additional app impersonating as a flash player update, explained malware researcher Lukas Stefanko. Once installed, the malicious app compromised and infected the device by asking the user to install a fake flash player update.
“After install and launch, Simple Call Recorder decrypts additional binary file carried in assets and dynamically loads it. This behaviour is typical for the most Android threats these days. This Trojanized app contains call recording functionality and malicious code responsible for downloading and installing additional app,” explained malware researcher Lukas Stefanko in a blog post.
Interestingly, the Simple Call Recorder application has been on the Play Store for almost over a year, which happens to be a really long time before being found and then finally removed.
It’s also worth noting that this isn’t the first time malware reseracher Stefanko has found a Trojanized Android app on the Google Play Store. Back in September, he found a Trojan-ridden banking app which also disguized itself as a functional phone call recording app and stole banking information from compromised Android devices.
Surprisingly, even this one lasted on the PlayStore for quite long and witnessed over 10,000 installs. The app was capable of stealing banking credentials even when SMS two-factor authentication was activated.
Besides, malware reseracher Stefanko also found 29 other malicious Android apps from August unitl early October 2018 in the Google Play store, which also masked themselves as authentic banking apps and used phishing forms to collect a user’s personal banking information. Fianlly, Stefanko suggests that if an Android app asks you to download Flash Player from servers besides Adobe, it should be taken as a warning sign as the app is most likely infected.
