A malicious app was detected on Google Play with more than ten thousand downloads. Named “Daily Food Diary”, the app pretends to be a tool that lets users take photos of their meals and set alert times.
The cybercriminal who posted the malware on the Google app store managed to get around Play Protect, a system that checks the integrity of applications before they are downloaded, by hiding its malicious code.
Fortunately, after the discovery, made by Pradeo, a company that provides mobile security, the application was removed from the Play Store, where it had been available since the 18th. Even so, some users likely still have it installed on their devices. If so, the recommendation is to remove it immediately.
What allowed the application to run without the user noticing was a permission granted the first time the software was opened. On launch, the user was asked to enable use in the background, and also to allow the app to start together with the cell phone.
Users also needed to grant ongoing permissions for the app to access the device's contacts and take control of calls, possibly to block them, since an incoming call could interrupt its background activity.
By analyzing the code, security researchers also found that the malware found in the Google store is linked to Joker, a malicious agent that has been found in more than 1,700 apps on the Play Store.
Hiding its intentions
To hide its real purpose, the malicious code was concealed in an encrypted file identified by 0OO00l111l1l. Within that file, the researchers found the code itself, the encryption key and some additional features.
In addition, the malware was sophisticated enough that it was programmed not to execute its malicious code if the software was run on an emulator, which made it harder to discover.
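The encrypted file described above combines two traits an analyst can triage for statically: a name made only of look-alike characters and content that is indistinguishable from random bytes. The following is an added example, not code from Pradeo or from the original article; the `assets/` path, the sample archive, the name pattern and the 7.5 bits-per-byte threshold are all assumptions.

```python
import io
import math
import os
import re
import zipfile
from collections import Counter

# File names built only from look-alike glyphs (0/O, 1/l/I), as in "0OO00l111l1l".
CONFUSABLE_NAME = re.compile(r"[0O1lI]{6,}")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan_apk(apk) -> list:
    """Return (entry name, entropy) for entries that match both signals."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            entropy = shannon_entropy(zf.read(info))
            # Require both signals: images and other compressed assets are high-entropy too.
            if CONFUSABLE_NAME.fullmatch(base) and entropy >= ENTROPY_THRESHOLD:
                findings.append((info.filename, round(entropy, 2)))
    return findings


def build_sample_apk() -> io.BytesIO:
    """Constructed stand-in for an APK (a ZIP archive), not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/help.txt", "Take a photo of each meal.\n" * 200)
        zf.writestr("assets/data.bin", os.urandom(8192))      # opaque, ordinary name
        zf.writestr("assets/0OO00l111l1l", os.urandom(8192))  # random bytes mimic ciphertext
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, entropy in scan_apk(build_sample_apk()):
        print(f"{name}: entropy={entropy}")
```

A hit is only a lead for manual review; because the article notes the code stays dormant on emulators, static checks like this complement rather than replace dynamic analysis.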