Security researchers discovered a new form of Android malware that is attempting to steal money from diabetic patients.

In September 2019, FortiGuard Labs came across a sample of the Android malware, detected as Android/FakePlayer.X!tr, operating within a program called “Treatment for Diabetes.” The security firm’s researchers analyzed the app and found that it provides users with information pertaining to diabetes. For instance, they observed that the app contains facts and myths about diabetes as well as information regarding diagnosis methods, treatment options and insulin.

Upon closer examination, however, researchers noticed the app doing something unexpected. It was leveraging a successful installation to request permission to view and send SMS messages, an unusual request for a medical application. In the event that a user approved, the malware then used a Trojan dialer to send SMS messages to the phone number 5554, presumably in an attempt to steal money from its victims.

Stay Alert for Malicious Health-Related Apps

This isn’t the first time that FortiGuard Labs came across a health-related app containing Android malware. As reported by ZDNet, the research team presented on three other malicious programs at the Virus Bulletin 2019 conference in London. One of those apps claimed that it could tell users their life expectancy if they filled out a form, but the program behaved suspiciously, covertly sending the information entered by the user to a remote server. Another program claimed to help users manage their diabetes, but the app failed to work unless they installed other apps full of adware. The last app did provide advice on diabetes but also tracked a user’s GPS location, IP address and the other apps installed on their device.

Through these programs, attackers might have directly stolen money from their victims. They might have also compromised the privacy of their users by stealing their device information, as well as personal and even medical information. Attackers can monetize such details on the dark web, thereby opening the door for secondary attacks against victims.

How to Defend Against Android Malware

Consumers should always be wary of mobile apps that request strange permissions upon installation and ensure they are downloading apps from a legitimate marketplace. Attackers have shown they won’t hesitate to employ social engineering methods to deceive individuals, making security awareness crucial for mobile device users.

Security professionals can help defend their organizations against Android malware by investing in a mobile device management (MDM) platform that helps manage and secure mobile and internet of things (IoT) devices. Companies should also consider implementing a zero-trust model by tightly integrating their identity and access management (IAM), unified endpoint management (UEM) and mobile threat defense (MTD) capabilities.

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…