This week, Malwarebytes tipped us to an app masquerading as a Google chat application. But don't believe it! This nasty app intercepts your SMS messages, and can even record your phone calls.
Fake Instant Messenger
Malwarebytes says that this malicious app is called "Google Korean IM." During installation, it requests Device Administrator access. Some Android users might not recognize this as problematic, but granting that level of access gives the app far-ranging powers over your phone. Device Admin apps can, for example, lock your phone or completely wipe it. Usually, we only see security apps or certain Google apps requesting this level of access.
But because this malware is after information, it uses its Device Admin powers to watch and listen. According to Malwarebytes, the app monitors incoming calls and can even record those phone calls, presumably sending the recordings off to a server somewhere.
The app also pays special attention to SMS messages, which the malware sends to a remote server. It can even capture victims' contact lists.
At first glance, this malicious app looks like the numerous spy apps sold to jealous spouses to spy on their significant others. The SMS and call interception are paramount features of this genre, but this app is missing the ability to geolocate the victim—a key facet of spy apps. Also, spy apps tend to be spread surreptitiously by the person who wants to do the spying. This app, on the other hand, has bigger aspirations.