
Fraudulent Application Removed From Google Play Store

July 7, 2015 - Written By David Steele

Google has removed a fake battery monitoring application that appears designed to compromise the device it is installed on. The malicious application, named BatteryBot Pro, was offered for free and was spotted by Zscaler. The biggest clue that the application was fake is that it required significantly more permissions than the real deal, including a demand for administration rights to the device. Once these had been granted, the application would provide the same functionality as the genuine application in the foreground, whilst working away in the background. Zscaler believes the malicious application was likely trying to put together an army of compromised Android smartphones and tablets for click fraud, advert fraud and premium SMS scamming. The application downloaded fraudulent advert libraries in the background.

The application also gathered other information including available memory on the device, the IMEI, carrier, location, language, handset or tablet make and model, and SIM card availability. It’s unclear what this information would be used for, but you can be sure it wouldn’t have been for a good thing! The application appears to have been designed to allow the developers to redirect the fraudulent SMS message code, such that if your carrier blocked a given SMS number it could be reprogrammed. What is somewhat worrying is that the fake application appears to have gotten past Google’s Bouncer application vetting system, and we are asking whether there is anything else of similar malicious intent in the Play Store.

Once the fake BatteryBot Pro has been installed and granted administrative privileges, it is difficult for ordinary users to remove. If a user does manage to delete it, there is an extra nasty application installed on the device – a persistence package called com.nb.superuser, which runs on a separate thread and survives the deletion of the main application. If the user has rooted their device, this persistence application is able to re-install the fake battery monitor application and the fun starts again. The moral of the story is to check the permissions that a given application wants when you ask to download it. If an application appears to require too many permissions, ask yourself why. Does a calculator really need account and administrative permissions on your device? If you are unsure, it’s best not to install it.
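The permission comparison described above can be automated. The following is an added example, not code from Zscaler or from this article: it diffs the permissions of a look-alike app against the genuine one and flags a newly declared device-admin receiver. Both manifests are constructed samples (not the real apps' permission lists) and are assumed to be already decoded from the APK's binary XML to text.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions tied to behaviour the article describes (SMS, IMEI/carrier, location).
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
}

def manifest_profile(xml_text):
    """Return (requested permissions, True if a device-admin receiver is declared)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)  # tolerate malformed entries without a name
    admin = any(
        r.get(ANDROID_NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        for r in root.iter("receiver")
    )
    return perms, admin

def compare(genuine_xml, candidate_xml):
    """Report what the candidate requests beyond the genuine app."""
    g_perms, g_admin = manifest_profile(genuine_xml)
    c_perms, c_admin = manifest_profile(candidate_xml)
    extra = c_perms - g_perms
    return {
        "extra": sorted(extra),
        "sensitive_extra": sorted(extra & SENSITIVE),
        "new_device_admin": c_admin and not g_admin,
    }

# Constructed manifests for illustration only; package names are hypothetical.
GENUINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.genuine">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application/>
</manifest>"""

CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.lookalike">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(compare(GENUINE, CANDIDATE))
```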
