EN
EN DE
EN
EN DE
Contact Us
Sign Up
Topics
Finance & insurance
Trade
Industry
IT & Consulting
Tourism
Transport
Law
Public

Android malware found on Amazon Appstore disguised as health app

0
Share:

A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background.

The application was discovered by McAfee Labs researchers, who notified Amazon, leading to the application being removed from the store.

However, those who installed the app must manually remove it and perform a full scan to eliminate any leftover traces.

Android spyware on the Amazon store

The Amazon Appstore is a third-party app store for Android devices that comes pre-installed on Amazon Fire tablets and Fire TV devices.

It is also an alternative to Google Play for Android device owners who can’t or don’t want to use Google’s platform, even offering exclusive Amazon Prime games and content.

The BMI CalculationVsn spyware app, published by ‘PT Visionet Data Internasional,’ is promoted as a simple body mass index (BMI) calculator tool.

Spyware app
Spyware app on the Amazon Appstore
Source: McAfee

Opening the malicious app welcomes the user to a simple interface that provides the promised functionality, such as calculating their BMI. However, additional malicious actions are happening in the background.

First, the app starts a screen recording service that requests the appropriate permission when the user clicks the ‘Calculate’ button, which can be deceptive and trick people into reflex approvals.

Requesting permission to record the screen
Requesting permission to record the screen
Source: McAfee

McAfee says the recording is stored locally in an MP4 file but was not uploaded onto the command and control (C2) server, likely due to the app still being in an early testing development phase.

Code to record the device screen
Code to record the device screen
Source: McAfee

A little more digging into its release history by the researchers showed that the app first appeared in the wild on October 8. By the end of the month, it had changed its icon, added more malicious functions, and changed the certificate information.

The second malicious action performed by the app is scanning the device to retrieve all installed applications, allowing the attackers to plan their next steps.

Finally, the spyware intercepts and collects SMS messages sent and stored on the device, including one-time passwords (OTPs) and verification codes.

Stealing sensitive user data
Stealing sensitive user data
Source: McAfee

Given that dangerous apps can still slip through code review cracks in legitimate and otherwise trustworthy stores like the Amazon Appstore, it is important for Android users to only install apps from well-known publishers.

It is also recommended to scrutinize requested permissions and revoke risky ones even after installation.

Google Play Protect can detect and block known malware discovered by App Security Alliance partners, including McAfee, so keeping it active on Android devices is crucial.

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
8:47 am, May 9, 2025
weather icon 10°C
L: 8° | H: 11°
overcast clouds
Humidity: 82 %
Pressure: 1021 mb
Wind: 6 mph NE
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 100%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 5:17 am
Sunset: 8:35 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
8° | 11°°C 0 mm 0% 12 mph 82 % 1022 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
9° | 20°°C 0 mm 0% 12 mph 86 % 1021 mb 0 mm/h
Sun May 11 10:00 pm
weather icon
11° | 23°°C 0.94 mm 94% 12 mph 86 % 1015 mb 0 mm/h
Mon May 12 10:00 pm
weather icon
12° | 21°°C 0.97 mm 97% 11 mph 95 % 1016 mb 0 mm/h
Tue May 13 10:00 pm
weather icon
13° | 21°°C 0.46 mm 46% 11 mph 77 % 1022 mb 0 mm/h
Today 10:00 am
weather icon
10° | 13°°C 0 mm 0% 8 mph 82 % 1021 mb 0 mm/h
Today 1:00 pm
weather icon
12° | 16°°C 0 mm 0% 12 mph 67 % 1021 mb 0 mm/h
Today 4:00 pm
weather icon
15° | 17°°C 0 mm 0% 11 mph 49 % 1020 mb 0 mm/h
Today 7:00 pm
weather icon
15° | 15°°C 0 mm 0% 9 mph 40 % 1020 mb 0 mm/h
Today 10:00 pm
weather icon
12° | 12°°C 0 mm 0% 8 mph 63 % 1022 mb 0 mm/h
Tomorrow 1:00 am
weather icon
12° | 12°°C 0 mm 0% 6 mph 74 % 1021 mb 0 mm/h
Tomorrow 4:00 am
weather icon
9° | 9°°C 0 mm 0% 4 mph 86 % 1020 mb 0 mm/h
Tomorrow 7:00 am
weather icon
11° | 11°°C 0 mm 0% 6 mph 79 % 1020 mb 0 mm/h
Weather from OpenWeatherMap
Name Price24H (%)
Bitcoin(BTC)
€92,406.70
4.54%
Ethereum(ETH)
€2,051.89
18.89%
Tether(USDT)
€0.89
-0.01%
XRP(XRP)
€2.08
6.73%
Solana(SOL)
€146.94
8.85%
USDC(USDC)
€0.89
0.00%
Dogecoin(DOGE)
€0.183516
13.13%
Shiba Inu(SHIB)
€0.000013
10.30%
Pepe(PEPE)
€0.000011
31.07%
Peanut the Squirrel(PNUT)
€0.260461
73.56%
Risikomonitor
Know and monitor IT vulnerabilities with just one click before it is too late.

Utility link

Useful link

Newsletter

Follow Us

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Scroll to Top