First Android malware developed in the Kotlin programming language exposed
Network security vendors have discovered a new Android malware family and have basically confirmed that it is the first malicious tool developed in the Kotlin programming language.
The malware is hidden in an Android app in the official Google Play Store that impersonates Swift Cleaner, and it has been downloaded multiple times as a mobile cleaning tool.
The malware has not yet been officially named. It is called ANDROIDOS_BKOTKLIND.HRX for the time being. On infected devices, the malicious app uses the following package names:
com.pho.nec.sg.app.cleanapplication
com.pho.nec.pcs
com.pho.nec.sg
Google has removed the counterfeit Swift Cleaner application containing the new malware from the Play Store.
This malware is used for ad-click fraud and SMS fraud.
Researchers have pointed out that the malware contains multiple features, but the fraud operation uses only a portion of them. According to a report released this week, the malware operator uses the target's phone to generate ad clicks, and quietly uses the victim's mobile phone number to subscribe to paid SMS services. It is worth noting that the malware can bypass the CAPTCHA solution used by some paid SMS services.
In addition, the malware can remotely execute code, steal information, send text messages, and implement URL forwarding.
Until now, all Android malware detected by security vendors had been written in Java. Considering that Kotlin has become the second supported language for the Android operating system, it is understandable that malicious attackers are turning their attention to Kotlin.
In addition, security insiders generally expect Kotlin to become the main programming language for Android applications in the next few years.
Another new type of malware
In addition to the Kotlin-based threat, a second report released this week described another noteworthy piece of Android malware.
The new malware, named FakeBank, is a mobile banking Trojan. Currently, it targets only Russian banks.
The researchers pointed out that FakeBank seems to be associated with the Fanta SDK Android banking trojan from 2016. Fanta SDK drew wide attention because it used an innovative technique that can change the smartphone's PIN code, lock the screen, and extract funds from the victim's bank account.