First malicious Android app built with open source Kotlin language found in the wild

The malicious Swift Cleaner, found in the Google Play store, can send SMS messages, perform ad fraud, and more, according to a Trend Micro report.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • The first example of a malicious app built with the open source Kotlin programming language has been found in the Google Play store.
  • Trend Micro estimates that the app—named Swift Cleaner—has thousands of installs, and could perform a number of malicious activities.

For the first time, a malicious Android application built with Kotlin has been discovered in the Google Play store. First noted by Trend Micro researchers in a Tuesday blog post, it's possible that the app has already been downloaded thousands of times.

In late November 2017, it was reported that 17% of the projects in Android Studio were using Kotlin. Because it's becoming easier to convert Java code to Kotlin, and the new language includes a null-safety feature that can improve app quality, we'll likely see even more apps developed with the language. However, this also means we could see more malicious apps developed with Kotlin.

According to the Trend Micro blog post, the malicious app is masquerading as an Android device cleaning and optimization tool called Swift Cleaner. Once downloaded, it can perform many nefarious activities, including sending SMS messages on behalf of the user, remotely executing code, stealing data, forwarding URLs, and click ad fraud.

Additionally, it can "sign up users for premium SMS subscription services without their permission," the post said. So far, Trend Micro estimates that between 1,000 and 5,000 users have downloaded the application.

When a user launches the app, the first thing it does is send information from the device to its command and control servers, while also sending an SMS message to a certain number on the server, the blog post said.

Once the SMS is received, URL forwarding and ad fraud initiatives begin.

Because some online advertising generates revenue based on the number of clicks ads get, some malicious apps, like Swift Cleaner, automate ad clicks to commit click fraud. This is bad enough, but the SMS subscription aspect of Swift Cleaner could cost the victim real money, the post noted.

Trend Micro said that it has informed Google of the malicious app, and that Google told them that "Google Play Protect has protections in place to protect users from this malware family." Still, users should be careful when downloading Android apps, especially from unrecognized developers, or from third-party app stores.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
