RiskIQ has discovered that Advanced Battery Saver, a mobile app downloadable from Google Play that lengthens a device’s battery life, is maliciously stealing information from users’ phones, including IMEI, phone numbers, phone type/brand/model, location and more.
According to RiskIQ’s observations, more than 60,000 Android devices have downloaded the app, meaning that thousands of those devices will be under its control.
Read the full RiskIQ observations here: https://www.riskiq.com/blog/interesting-crawls/battery-saving-mobile-scam-app
Fabian Libeau, VP of EMEA at RiskIQ, offers the following comment on the malicious mobile app observed and why an urgent clean-up is required:
“The 60,000 plus users who have downloaded the malicious Advanced Saver Battery app will likely have no idea that it’s linked to strange behaviour on their device – or that their personal information may have been compromised. While this campaign is unusual in itself, not least because it contains several different elements and may involve two separate threat groups, the biggest concern is that hackers could have control of thousands of Android devices.
“This is an example of an app that does exactly what it says on the tin – in this case, power saving and an extended battery life – but is hiding a nasty secret in the form of a phishing scam. What’s interesting about this particular phishing campaign is that it directs people to a mobile app instead of a webpage, which is an increasingly common tactic hackers are using as they combine web, social and mobile apps in their scams.
“This latest observation is simply a mobile clean-up catastrophe waiting to happen. Companies must have the intelligence that enables them to identify phishing threats targeting their digital footprint, while extending that protection to their users. Mobile users should also become more savvy when it comes to mobile apps they are not familiar with – despite this phishing campaign being clumsily written, which should have been a warning not to proceed, more than 60,000 users still went ahead and downloaded the app. It’s a painful clean-up process, but it will be critical now that the EU GDPR is in full force.”