Over 500,000 Android phone and tablet users have fallen for a malicious attack, using an app found on the Google Play app store. The app was found exfiltrating users’ contact lists, and then signing up the users to unwanted paid premium subscriptions without their knowledge and consent.
The latest malware was found in a messaging application called Color Message, which has since been removed from the app marketplace.
How Color Message Works
From the moment it is downloaded, Color Message can access user contact lists, which then allows the hacker to automatically exfiltrate the network and subscribe to unwanted paid services. It has been noted that Colour Message is difficult to identify and remove, with the app hiding it’s icon once it has been installed. Therefore, to uninstall the app, you must dig through the settings on your phone or tablet.
Colour Message Terms and Conditions
“We are committed to ensuring that the app is as useful and efficient as possible”, documented the hackers in the app terms and conditions. “And for that reason, we reserve the rights to change the app or charge for its services, at any time and for any reason. We will never charge you for the app or its services without making it very clear to you exactly what you’re paying for”.
Hackers have continued to skirt Google Play protections, using a barrage of evasion tactics since 2017.
Contact Agilient to find out how you can ensure the apps you download are not malware, and how to keep your Android devices secure.
Author: Mahdi Kobeissi, Cyber Security Consultant