Millions of Android users visit the Google Play store daily, and if you’re one of them (which is likely), it would be best to take heed of a recent Avast malware detection.
According to Avast’s official blog, the security company detected suspicious behaviour from an Android app named Cámara Visión Nocturna. The app’s purported purpose was to add a shoddy night-vision functionality to your smartphone’s camera, and it was listed as “free”.
Once users downloaded the app it would request permission to send and write SMS (text) messages on your phone. This in itself should set off alarm bells, as a camera app would hardly need permission to send out texts.
When permission was granted, the malicious app would scan a users’ smartphone for popular instant messaging apps (WhatApp, ChatOn, etc.) in order to locate their phone number (which IM apps require to function).
After the number had been hijacked the CVN app would send it to a server which would register it for a premium SMS service. Once your number is subscribed it would charge users €2 (almost $3 USD), and would be able to keep charging you up to a maximum of €36 ($50 USD) a month!
After this cap had been hit the service would time out (luckily), but unwitting Android users would still be short $50 with no idea why.
The CVN app has since been removed from the Google Play store. Users who employ some form of security software (such as Avast Mobile Security) would have been safe from the threat, and so would users who kept a closer eye on app permissions.
Nevertheless, breaches like this makes it clear that smartphone security should be considered just as important as PC security (something which many users still don’t realize).