Report: Daily Food Diary app dishes malware up to its users – Techaeris


There’s an app for that. Remember that marketing line? Well, it’s basically true. There’s an app for just about everything, including tracking your food consumption and calories. Daily Food Diary is an app that does exactly that and more. According to Pradeo, Daily Food Diary made it through Play Protect security by deeply obfuscating its malicious code.

Mainly, the app steals users’ contact lists, prevents users from killing it, and seems related to the Joker malware. Daily Food Diary had already been downloaded over 10,000 times before it was removed from the Play Store.

Daily Food Diary pretends to be a legitimate app for taking pictures of your meals and setting mealtime alerts. It features a very minimal design and a few basic functionalities with no real purpose. Its only real purpose was to steal users’ data.

A bad screenshot of Daily Food Diary on the Play Store

When users launch it, they are immediately sent to the device settings to enable the app to automatically run at startup (foreground service permission). Besides, the app is set to always run in the background (wake lock permission). When users are on the app interface, attempts to exit are overridden to make it difficult to close it.

Daily Food Diary repeatedly asks for permissions to access the contact list, and when it gets it, it directly exfiltrates contacts’ information to unknown external storage. It also requests to manage phone calls, to potentially refuse incoming calls that would temporarily prevent the app from running in the background.

To hide its true intentions, Daily Food Diary’s malicious code is hidden in an encrypted file called 0OO00l111l1l. Other files contain the native library that can decrypt the malicious code so it can execute (libshellx-super.2019.so), the encryption key (tosversion), and additional resources (o0oooOO0ooOo.dat).

Besides, to stay undetected from dynamic analysis, the app does not perform its malicious behaviors when running in an emulator.

Pradeo
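
A static triage check built on the file names in the report quoted above, as an added example that is not Pradeo's or this article's code: it lists an APK's entries and flags those names wherever they appear in the archive. The look-alike-name plus entropy heuristic goes beyond the report, and the directory layout and contents of the constructed sample archive are assumptions.

```python
import io, math, re, zipfile
from collections import Counter

# File names and roles as given in the report quoted above.
REPORTED = {
    "0OO00l111l1l": "encrypted malicious code",
    "libshellx-super.2019.so": "native library that decrypts the code",
    "tosversion": "encryption key",
    "o0oooOO0ooOo.dat": "additional resources",
}
# Assumption (heuristic, not from the report): a name built only from the
# look-alike characters 0/O/o/1/l that holds high-entropy data is suspicious.
CONFUSABLE = re.compile(r"^[0Oo1l]{8,}(\.[a-z0-9]+)?$")

def entropy(data):
    """Shannon entropy in bits per byte; values near 8 suggest encrypted data."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def scan_apk(apk):
    """Return {entry name: reason} for an APK given as a path or file object."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            if base in REPORTED:
                findings[info.filename] = "reported name: " + REPORTED[base]
            elif CONFUSABLE.match(base) and info.file_size:
                bits = entropy(zf.read(info)[:65536])
                if bits > 7.0:
                    findings[info.filename] = f"look-alike name, entropy {bits:.1f}"
    return findings

def build_sample_apk():
    """Constructed sample archive; the directory layout is an assumption."""
    blob = bytes(range(256)) * 16  # uniform bytes stand in for ciphertext
    entries = {
        "assets/0OO00l111l1l": blob,
        "assets/tosversion": b"constructed-key",
        "assets/o0oooOO0ooOo.dat": blob,
        "lib/armeabi-v7a/libshellx-super.2019.so": b"\x7fELF",
        "assets/lO0Ol1O0lO1l.bin": blob,  # not in the report: heuristic hit
        "assets/O0O0O0O0.txt": b"plain text " * 50,  # look-alike name, low entropy
        "res/drawable/icon.png": b"\x89PNG",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf
```

`scan_apk()` also accepts a path to an APK on disk. A hit is a reason to inspect the file further, not a verdict, since these names could be reused or changed by other builds.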

Users are encouraged to delete this app immediately from their devices.


What do you think of this app? Did you install it? Let us know in the comments below or on Twitter or Facebook. You can also comment on our MeWe page by joining the MeWe social network.
