The app was published by FreshApps Group, the main purpose of the app is to download and install the app that mimics as Flash player update.
Once the app launched it decrypts the additional binary file carried in assets and dynamically loads it, Stefanko said. The app carries both the call recording functionality and the malicious script that downloads an additional app.
Stefanko said that “I could not retrieve the app through the link that is hard-coded into the APK. It is likely that the app has already been removed from the server after being available for download for over 11 months, but the server is still live.”
He also found two other call recording apps on play store with the same functionality, but they didn’t contain malicious code. Seems the attacker uploaded these apps to use as an alternative source.
Stefanko recently spotted more than 50 malicious apps, with more than 350,000 installs spying users WhatsApp messages and other sensitive data such as browsing history, photos.
Common Tips to Catch Fake Android App
Look at the publish date. A fake app will have a recent published date.
Do a little research about the developer of the app you plan to install.
Very important – read all app permissions carefully.
Common Defences On Mobile Threats
Give careful consideration to the permission asked for by applications.
Download applications from trusted sources.
Stay up with the latest version.
Encrypt your devices.