First Android malware developed in Kotlin language discovered

Following in the footsteps of Apple’s homegrown Swift programming language for developing iOS apps, Kotlin has been growing at a fast pace. This doesn’t mean that all Kotlin developers are learning it with the aim of coding safer and faster Android apps.

A cyber-security firm has discovered what they believe to be the first Android malware family written in the Kotlin programming language.

Kotlin is a popular language used for writing Android apps. Twitter, Pinterest and Netflix are among some of the top apps that still use Kotlin.
"Kotlin is described as concise, drastically reducing the amount of boilerplate code; safe, because it avoids entire classes of errors such as null pointer exceptions; interoperable for leveraging existing libraries for JVM, Android, and the browser; and tool-friendly because of its capability to choose any Java IDE or build from the command line," Trend Micro researchers said in a blog. "However, it's still unknown if the abovementioned features of Kotlin can make a difference when creating malware."

First spotted by Trend Micro, the malware was found inside an Android application available on the official Google Play Store, posing as a legitimate phone utility cleaner app named Swift Cleaner.

Thankfully, the malware-laced app has just 1,000 to 5,000 installs. However, it has some dangerous tricks up its sleeve.

At the moment, it’s not known if Kotlin’s advanced and user-friendly features have made a difference while creating malware.

The data-stealing malware is also capable of other kinds of malicious activity, such as click ad fraud, remote command execution and sending SMS messages. According to security researchers at Trend Micro, who discovered the Android malware, it can also sign up victims for premium SMS subscription services without their knowledge or permission.

When the app is launched, the malware sends the device information to the remote server through an SMS. Once the SMS is received, the remote server executes click ad fraud via URL forwarding. A Wireless Application Protocol (WAP) task then injects malicious JavaScript code to complete the process.

The malware does not have a fancy name just yet, but Trend Micro detects it as ANDROIDOS_BKOTKLIND.HRX. The malicious app was spotted on infected phones with the following package names:

com.pho.nec.sg.app.cleanapplication
com.pho.nec.pcs
com.pho.nec.sg