A unique type of a mobile scam infected some 60,000 Android devices in recent times, cybersecurity firm RiskIQ reports, pointing to a malicious battery-saving tool it detected while inspecting its internet crawl data. The app is being advertised via a standard fake alert that can be seen below, tricking people into installing it so that it's able to hijack their handsets, steal information, and perform ad clicks. What makes this particular scam unique is that it doesn't redirect users to malicious websites but a Google Play Store listing of Advanced Battery Saver, the infected app in question.
The developer behind the app hasn't been identified by RiskIQ, though they previously published another app which wasn't malicious in nature but isn't available for download any longer, according to the research firm's analysis of its archived APK file. The author of the newly discovered scam placed significant effort into tricking users to maximize revenue given how Advanced Battery Saver actually works as advertised – it monitors device battery status, kills of background processes that haven't been whitelisted and consume significant resources, and generally attempts to make one's battery last longer. Its functionalities that aren't advertised come in the form of an ad-clicking backdoor that's implemented into your smartphone the moment you install the app. While fake ad clicks it generates don't consume significant resources, the combinations of permissions that power the malicious behavior and the rest of the app also compromise, i.e. steal one's phone number, location, and device information, including the IMEI number.
Advanced Battery Saver is still available for download from the Play Store as of Thursday morning EDT, though it's expected to be removed in the coming days. Google is still struggling to enforce effective quality control practices, with malicious Android apps being identified and reported on a daily basis. Advanced Battery Saver amassed over 50,000 downloads, according to its Play Store listing, with RiskIQ estimating its total install base is some 10,000 larger.