Trojanized Android App Found on Google Play with More Than 5,000 Installs

[silversurfer]

An Android call recording application with hidden malicious code designed as a malware dropper was found by malware researcher Lukas Stefanko in the Google Play store.

At the moment Stefanko discovered the "Simple Call Recorder" application published by FreshApps Group already had over 5,000 installs and it was available on Google Play for since November 30, 2017.
Although Simple Call Recorder was a functional call recorder it also had another hidden purpose which " was to download an additional app and trick the user into installing it as Flash Player Update," according to Stefanko.

The malicious app tries to compromise the device it is installed on by decrypting a binary file which it loads from its assets, dynamically loading it, and subsequently asking the user to install a fake flash updater from http://adsmserver[.]club/up/update.apk (the installer is now removed and redirects to Google's AdMob.)
Because the malware payload was no longer available, it's impossible to know what the FreshApps Group Android developer used it for but, given the way it was designed to be downloaded on the targeted devices, it's quite evident that it was a malicious tool.

Source: https://news.softpedia.com/news/trojaniz...3743.shtml