Android Hackers Don't Rest Easy: Quickly Delete This App From Your Phone
A malicious app, posing as a health tool, has been discovered stealing private information on Android devices. It was found by McAfee on the Amazon Appstore, a platform that acts as an alternative to Google Play.
The app, called BMI CalculationVsn, appears to be a harmless tool that allows you to enter your weight and height to calculate your body mass index. However, cybersecurity experts at McAfee discovered that malicious activity aimed at stealing personal data was hiding behind this simple interface.
Among the malicious actions identified are collecting package names of installed apps, intercepting SMS messages, and recording the screen without legitimate permission. These hidden features pose a significant risk to user privacy.
According to McAfee: “We can see that this malware was first developed in October 2024 and was originally developed as a screen recording app, but halfway through, the app icon was changed to a BMI calculator and an SMS stealing update was added in the latest version.”
McAfee says that after being notified of the threat, Amazon removed the app from its store. However, cybersecurity experts warn that users who downloaded the app before it was removed could still be vulnerable.
This case highlights the risks of installing seemingly harmless apps without reviewing permissions. The malicious app requested access to features unrelated to its primary purpose, such as screen recording and SMS, raising suspicions among researchers.
The discovery of BMI CalculationVsn is a reminder of the increasing ingenuity of cybercriminals to hide malware in seemingly legitimate applications. We recommend that you remove the application immediately if you have it installed on your phone.