A wave of fraudulent Android apps was downloaded more than 700,000 times from the Google Play Store before being removed, security researchers said.
Targeting users Southwest Asia and the Arabian Peninsula, the apps posed as photo editors, wallpapers, puzzles, keyboard skins and camera-related tools.
But once installed, they would hijack SMS message notifications and then make unauthorised purchases, McAfee said.
In order to bypass Google’s security protections, the scammers first submitted a clean version to the Play Store.
Further updates then added progressively malicious features, found McAfee, which calls the malware Etinu.
“The malware embedded in these apps takes advantage of dynamic code loading,” McAfee said in its advisory.
“Encrypted payloads of malware appear in the assets folder associated with the app, using names such as ‘cache.bin’, ‘settings.bin’, ‘data.droid’, or seemingly innocuous ‘.png’ files.”
In order to avoid the need for the SMS read permission, the malware hijacks the Notification Listener to steal incoming SMS messages.
This feature is similar to the Joker Android malware, as described by Trend Micro last month.
The Etinu malware then creates auto-renewing subscriptions without the user’s knowledge.
McAfee said the malware relies on abuse of the Notification Listener permission to carry out its work.
The company said it expects threats that take advantage of Notification Listener “will continue to flourish”.
“It’s important to pay attention to apps that request SMS-related permissions and Notification Listener permissions,” the company said.
“Simply put, legitimate photo and wallpaper apps simply won’t ask for those because they’re not necessary for such apps to run. If a request seems suspicious, don’t allow it.”
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…