Light Dark
February 4, 2020 By David Bisson 2 min read

Security researchers discovered a new form of Android malware that is attempting to steal money from diabetic patients.

In September 2019, FortiGuard Labs came across a sample of the Android malware, detected as Android/FakePlayer.X!tr, operating within a program called “Treatment for Diabetes.” The security firm’s researchers analyzed the app and found that it provides users with information pertaining to diabetes. For instance, they observed that the app contains facts and myths about diabetes as well as information regarding diagnosis methods, treatment options and insulin.

Upon closer examination, however, researchers noticed the app doing something unexpected. It was leveraging a successful installation to request permission to view and send SMS messages, an unusual request for a medical application. In the event that a user approved, the malware then used a Trojan dialer to send SMS messages to the phone number 5554, presumably in an attempt to steal money from its victims.

Stay Alert for Malicious Health-Related Apps

This isn’t the first time that FortiGuard Labs came across a health-related app containing Android malware. As reported by ZDNet, the research team presented on three other malicious programs at the Virus Bulletin 2019 conference in London. One of those apps claimed that it could tell users their life expectancy if they filled out a form, but the program behaved suspiciously, covertly sending the information entered by the user to a remote server. Another program claimed to help users manage their diabetes, but the app failed to work unless they installed other apps full of adware. The last app did provide advice on diabetes but also tracked a user’s GPS location, IP address and the other apps installed on their device.

Through these programs, attackers might have directly stolen money from their victims. They might have also compromised the privacy of their users by stealing their device information, as well as personal and even medical information. Attackers can monetize such details on the dark web, thereby opening the door for secondary attacks against victims.

How to Defend Against Android Malware

Consumers should always be wary of mobile apps that request strange permissions upon installation and ensure they are downloading apps from a legitimate marketplace. Attackers have shown they won’t hesitate to employ social engineering methods to deceive individuals, making security awareness crucial for mobile device users.

Security professionals can help defend their organizations against Android malware by investing in a mobile device management (MDM) platform that helps manage and secure mobile and internet of things (IoT) devices. Companies should also consider implementing a zero-trust model by tightly integrating their identity and access management (IAM), unified endpoint management (UEM) and mobile threat defense (MTD) capabilities.

 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

March 26, 2025

We are moving!

< 1 min read - SecurityIntelligence.com is being sunset, but have no fear!We have a new home for all of your favorite security and X-Force content.Follow us to www.ibm.com/think to maintain access to the stories and news you love, both new and old.Security Intelligence will officially sunset on Friday, March 28, 2025. To access the latest security thought leadership, go here. To access the latest X-Force research, go here.If you are experiencing cybersecurity issues or an incident, contact X-Force® to help:US hotline: 1-888-241-9812 | Global hotline:…

March 18, 2025

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature