EN
EN DE
EN
EN DE
Contact Us
Sign Up
Topics
Finance & insurance
Trade
Industry
IT & Consulting
Tourism
Transport
Law
Public

Android malware found on Amazon Appstore disguised as health app

0
Share:

A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background.

The application was discovered by McAfee Labs researchers, who notified Amazon, leading to the application being removed from the store.

However, those who installed the app must manually remove it and perform a full scan to eliminate any leftover traces.

Android spyware on the Amazon store

The Amazon Appstore is a third-party app store for Android devices that comes pre-installed on Amazon Fire tablets and Fire TV devices.

It is also an alternative to Google Play for Android device owners who can’t or don’t want to use Google’s platform, even offering exclusive Amazon Prime games and content.

The BMI CalculationVsn spyware app, published by ‘PT Visionet Data Internasional,’ is promoted as a simple body mass index (BMI) calculator tool.

Spyware app
Spyware app on the Amazon Appstore
Source: McAfee

Opening the malicious app welcomes the user to a simple interface that provides the promised functionality, such as calculating their BMI. However, additional malicious actions are happening in the background.

First, the app starts a screen recording service that requests the appropriate permission when the user clicks the ‘Calculate’ button, which can be deceptive and trick people into reflex approvals.

Requesting permission to record the screen
Requesting permission to record the screen
Source: McAfee

McAfee says the recording is stored locally in an MP4 file but was not uploaded onto the command and control (C2) server, likely due to the app still being in an early testing development phase.

Code to record the device screen
Code to record the device screen
Source: McAfee

A little more digging into its release history by the researchers showed that the app first appeared in the wild on October 8. By the end of the month, it had changed its icon, added more malicious functions, and changed the certificate information.

The second malicious action performed by the app is scanning the device to retrieve all installed applications, allowing the attackers to plan their next steps.

Finally, the spyware intercepts and collects SMS messages sent and stored on the device, including one-time passwords (OTPs) and verification codes.

Stealing sensitive user data
Stealing sensitive user data
Source: McAfee

Given that dangerous apps can still slip through code review cracks in legitimate and otherwise trustworthy stores like the Amazon Appstore, it is important for Android users to only install apps from well-known publishers.

It is also recommended to scrutinize requested permissions and revoke risky ones even after installation.

Google Play Protect can detect and block known malware discovered by App Security Alliance partners, including McAfee, so keeping it active on Android devices is crucial.

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
10:41 pm, Apr 3, 2025
weather icon 12°C
L: 11° | H: 13°
broken clouds
Humidity: 73 %
Pressure: 1020 mb
Wind: 5 mph E
Wind Gust: 9 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 83%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 6:30 am
Sunset: 7:36 pm
DailyHourly
Daily ForecastHourly Forecast
Tomorrow 10:00 pm
weather icon
11° | 13°°C 0 mm 0% 13 mph 85 % 1020 mb 0 mm/h
Sat Apr 05 10:00 pm
weather icon
7° | 17°°C 0 mm 0% 13 mph 72 % 1022 mb 0 mm/h
Sun Apr 06 10:00 pm
weather icon
7° | 13°°C 0 mm 0% 13 mph 79 % 1026 mb 0 mm/h
Mon Apr 07 10:00 pm
weather icon
6° | 14°°C 0 mm 0% 9 mph 75 % 1029 mb 0 mm/h
Tue Apr 08 10:00 pm
weather icon
6° | 16°°C 0 mm 0% 8 mph 71 % 1029 mb 0 mm/h
Tomorrow 1:00 am
weather icon
11° | 12°°C 0 mm 0% 3 mph 74 % 1020 mb 0 mm/h
Tomorrow 4:00 am
weather icon
11° | 11°°C 0 mm 0% 4 mph 79 % 1020 mb 0 mm/h
Tomorrow 7:00 am
weather icon
10° | 10°°C 0 mm 0% 5 mph 85 % 1020 mb 0 mm/h
Tomorrow 10:00 am
weather icon
17° | 17°°C 0 mm 0% 10 mph 64 % 1020 mb 0 mm/h
Tomorrow 1:00 pm
weather icon
20° | 20°°C 0 mm 0% 12 mph 40 % 1019 mb 0 mm/h
Tomorrow 4:00 pm
weather icon
18° | 18°°C 0 mm 0% 13 mph 38 % 1018 mb 0 mm/h
Tomorrow 7:00 pm
weather icon
15° | 15°°C 0 mm 0% 11 mph 54 % 1018 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
12° | 12°°C 0 mm 0% 10 mph 64 % 1019 mb 0 mm/h
Weather from OpenWeatherMap
Name Price24H (%)
Bitcoin(BTC)
€74,558.82
-2.57%
Ethereum(ETH)
€1,628.58
-3.65%
Tether(USDT)
€0.90
-0.03%
XRP(XRP)
€1.85
-2.16%
USDC(USDC)
€0.90
-0.01%
Solana(SOL)
€105.10
-7.43%
Dogecoin(DOGE)
€0.144095
-6.02%
Shiba Inu(SHIB)
€0.000011
-2.46%
Pepe(PEPE)
€0.000006
-9.40%
Risikomonitor
Know and monitor IT vulnerabilities with just one click before it is too late.

Utility link

Useful link

Newsletter

Follow Us

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Scroll to Top