February 4, 2020 By David Bisson 2 min read

Security researchers discovered a new form of Android malware that is attempting to steal money from diabetic patients.

In September 2019, FortiGuard Labs came across a sample of the Android malware, detected as Android/FakePlayer.X!tr, operating within a program called “Treatment for Diabetes.” The security firm’s researchers analyzed the app and found that it provides users with information pertaining to diabetes. For instance, they observed that the app contains facts and myths about diabetes as well as information regarding diagnosis methods, treatment options and insulin.

Upon closer examination, however, researchers noticed the app doing something unexpected. It was leveraging a successful installation to request permission to view and send SMS messages, an unusual request for a medical application. In the event that a user approved, the malware then used a Trojan dialer to send SMS messages to the phone number 5554, presumably in an attempt to steal money from its victims.

Stay Alert for Malicious Health-Related Apps

This isn’t the first time that FortiGuard Labs came across a health-related app containing Android malware. As reported by ZDNet, the research team presented on three other malicious programs at the Virus Bulletin 2019 conference in London. One of those apps claimed that it could tell users their life expectancy if they filled out a form, but the program behaved suspiciously, covertly sending the information entered by the user to a remote server. Another program claimed to help users manage their diabetes, but the app failed to work unless they installed other apps full of adware. The last app did provide advice on diabetes but also tracked a user’s GPS location, IP address and the other apps installed on their device.

Through these programs, attackers might have directly stolen money from their victims. They might have also compromised the privacy of their users by stealing their device information, as well as personal and even medical information. Attackers can monetize such details on the dark web, thereby opening the door for secondary attacks against victims.

How to Defend Against Android Malware

Consumers should always be wary of mobile apps that request strange permissions upon installation and ensure they are downloading apps from a legitimate marketplace. Attackers have shown they won’t hesitate to employ social engineering methods to deceive individuals, making security awareness crucial for mobile device users.

Security professionals can help defend their organizations against Android malware by investing in a mobile device management (MDM) platform that helps manage and secure mobile and internet of things (IoT) devices. Companies should also consider implementing a zero-trust model by tightly integrating their identity and access management (IAM), unified endpoint management (UEM) and mobile threat defense (MTD) capabilities.

More from

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today