Kotlin

A cyber-security firm has discovered what they believe to be the first Android malware family written in the Kotlin programming language.

First spotted by Trend Micro, the malware was found inside an Android application available on the official Google Play Store posing as legitimate phone utility cleaner app named Swift Cleaner.

The malware does not have a fancy name just yet, but Trend Micro detects it as ANDROIDOS_BKOTKLIND.HRX. The malicious app was spotted on infected phones with the following package names.

com.pho.nec.sg.app.cleanapplication
com.pho.nec.pcs
com.pho.nec.sg

Google removed the fake Swift Cleaner apps carrying this new malware from the Play Store.

Malware used for ad click and SMS fraud

Researchers said the malware comes with many features, but crooks used only a few. According to a report published this week, the malware operators used it to make infected phones click on ads and secretly subscribed the user's phone to premium SMS numbers.

Most notably, the malware could also bypass CAPTCHA solutions employed by some of these premium SMS services.

Additionally, the malware was also capable of remote command execution, information theft, SMS sending, and URL forwarding.

All Android malware detected in the wild up to this point was written in Java. The move to Kotlin is not surprising, as the programming language has officially become the second programming language supported by the Android OS, and many expect it to become the primary language for writing Android apps in the following years.

New Android malware targeting Russian-speaking users

Besides the Kotlin-based threat, Trend Micro also published a second report this week on another Android malware.

Named FakeBank, this new malware strain is a mobile banking trojan that currently targets only banks in Russian-speaking countries.

Researchers say FakeBank appears to have ties to the old Fanta SDK Android banking trojan that was active in early 2016. Fanta SDK was famous because it used an innovative technique of changing the smartphone's PIN and locking the screen while it drained funds from the victim's bank account.

Related Articles:

Google Updates File Signature Checks for Android Apps

Android App Devs Find Clever Trick for Fooling Users Into Installing Their Crapware

New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

Malware Found in the Firmware of 141 Low-Cost Android Devices

Malware Found in the Firmware of 26 Low-Cost Android Devices