ESET malware researcher Lukas Stefanko discovered a trojan wrapped inside the Simple Call Recorder app. The malware tricks the user into downloading an additional app, which appears as a recent update from Adobe Flash Player.
The security researcher discovered the malicious app on the Google Play Store on November 30, 2017; by then the app had been installed more than 5,000 times on different devices.
“Simple Call Recorder lasted on Google Play for almost a year, which is really a long time before being removed, if we consider that the app contained flashplayer_update.apk string inside,” said Stefanko in a post.
Simple Call Recorder was published by FreshApps Group; it has since been removed from Google Play.
Once the app is installed on the device, it automatically decrypts an additional binary file carried in “assets” and dynamically loads it, said Stefanko.
The app is capable of both recording the calls and downloading an additional malicious app.
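
As an added example (not Stefanko's or ESET's code), the following Python triages an APK for the two traits described above: an embedded `.apk` file name in the bytecode and an unrecognized high-entropy blob under `assets/`. The sample archive, the entropy threshold and the function names are assumptions constructed for this illustration.

```python
import hashlib
import io
import math
import re
import zipfile
from collections import Counter

# File names ending in .apk that appear as plain strings in the bytecode.
APK_NAME_RE = re.compile(rb"[A-Za-z0-9_\-]{1,64}\.apk")
# Formats that are legitimately high-entropy (compressed media, archives).
KNOWN_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"OggS", b"GIF8", b"RIFF")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_apk(apk_bytes: bytes, threshold: float = 7.2, min_size: int = 1024) -> dict:
    """Flag .apk names in DEX files and opaque blobs in assets/ (threshold is an assumption)."""
    findings = {"apk_strings": [], "opaque_assets": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)
            if info.filename.endswith(".dex"):
                for name in sorted(set(APK_NAME_RE.findall(data))):
                    findings["apk_strings"].append((info.filename, name.decode()))
            elif info.filename.startswith("assets/") and len(data) >= min_size:
                entropy = shannon_entropy(data)
                # No known file signature plus near-random content suggests encryption.
                if entropy >= threshold and not data.startswith(KNOWN_MAGIC):
                    findings["opaque_assets"].append((info.filename, round(entropy, 2)))
    return findings

def build_sample_apk() -> bytes:
    """Constructed sample, not the real app: a ZIP laid out like an APK."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    dex = b"dex\n035\x00" + b"\x00" * 32 + b"\x16flashplayer_update.apk\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", dex)
        z.writestr("assets/data.bin", blob)  # stands in for an encrypted payload
        z.writestr("assets/help.txt", b"Tap record to start. " * 100)  # benign text
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

A hit on either check is a reason for manual review, not proof of malice: legitimate apps also ship compressed or proprietary asset formats.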
Stefanko said, “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”
According to Stefanko, he found two other call recording apps on Google Play that have the same functionality as Simple Call Recorder, but they did not contain any kind of malicious code.
To date, Stefanko has found more than 50 malicious apps, which have been installed more than 350,000 times on different platforms, with capabilities varying from snooping on WhatsApp messages to sensitive data like browsing history, photos, passwords, etc.