Home News New Kotlin-Based Malware Found Within the Google Play Store

New Kotlin-Based Malware Found Within the Google Play Store

Jan 10, 2018

A new Kotlin-based malware has been found on Android and it has already made it onto the Google Play Store. This malware will sign you up to premium SMS services, along with steal your information, and even commit advertisement fraud. When it comes to various malware, the Kotlin-based malware is definitely one of the worst out there. If you have not heard of Kotlin before, keep reading to learn about the new malware that is using Kotlin programming to harm Android devices.

Kotlin-Based Malware Makes it Onto Google Play Store

The first thing we should tell you about is Kotlin itself, which is an official programming language for Android that is fully-supported. Kotlin is an open-source programming language that became an official language of Android back in May 2017. It is a very popular open-source language, with Netflix and Twitter being among those who use Kotlin. There are a ton of Android Studio projects using Kotlin, with estimates of it being used by about 17 percent of those projects.

With the Kotlin-based malware, it can steal all of your personal information, sign you up to premium SMS services without you knowing, and even commit advertisement fraud. All of this happens without you knowing and now the malware has been found within Google Play Store. What makes this all very interesting is that Google has many times talked about how safe Kotlin is and how there are features that will keep the apps healthy and safe. It appears that even Kotlin has some weaknesses, which have now been turned into malware that could significantly impact those on Android.

How the Kotlin-Based Malware Works

When it comes to the Kotlin-Based malware, it was uncovered by Trend Micro researchers. This appears to be the first type of malware that has been developed using the Kotlin programming language. What Trend Micro has found is that the malware is posing as a utility tool on Google Play Store. The utility tool, which is actually a malicious app, is supposed to optimize and clean your Android device. When it comes to this particular malicious app, it already has been downloaded up to 5,000 times on Google Play Store.

It works by stealing your information when you first launch the app. Your personal information is then sent to a remote server where the malware then can send an SMS to a specific number. The command and control center is where this number is coming from, and once that SMS has been received, the advertisement fraud begins to occur.

The advertisement fraud is easy to make happen since all the remote server has to do is begin a URL forwarding process. There is then a Wireless Application Protocol that is executed after the malware has received the command. This means that all information from your wireless network is accessed. Malicious Javascript coding is then able to access the data on the device itself.

More Details on Kotlin-Based Malware Functionality

While all of that sounds scary enough, there is even more to the Kotlin-based malware. The malware will be able to upload all of the information about your service provider. This information, along with login information, is then sent to that command and control center. You are then automatically signed up for various premium SMS services, which are very expensive and will cost the victim hundreds of dollars.

The victim in this case, which is the Android user, is unaware completely that any of this is going on. When you get your phone bill in the mail, you are then shocked to see these premium SMS charges on your account. Google said that Google Play Protect is supposed to protect you from getting this type of malware on your Android device.

With that being said, since one app with the Kotlin-based malware has ended up on Google Play Store, that means more are likely to happen. This app has been downloaded over 5,000 times, so it does not seem that Google Play Protect has actually worked in this case. Google maintains that Play Protect will protect you from the malware, so we do not know if the malware is being detected before it downloads completely or not. Either way, this is definitely not good news for those on Android.