First Android Malware Written In Kotlin Programming Language Is Here To Infect You

Following the footsteps of Apple’s homegrown Swift programming language for developing iOS apps, Kotlin has been growing at a fast pace (here’s why you should learn it). This doesn’t mean that all Kotlin developers are learning it with an aim to code safer and faster Android apps.

A new report from Trend Micro states the discovery of a new malicious app named ANDROIDOS_BKOTKLIND.HRX. This app is actually the first malware coded in Kotlin. At the moment, it’s not known if Kotlin’s advanced and user-friendly features have made a difference while creating malware.

The samples of the malware were spotted in Swift Cleaner, which poses itself as a tool for cleaning and optimizing your slow Android smartphones. Thankfully, the app has just 1,000-5,000 installations. However, it has some dangerous tricks up its sleeve.

Kotlin malware has dangerous capabilities

This Kotlin-based malware has the capability of remote command execution, SMS sending, URL forwarding, information theft, and click ad fraud techniques. Moreover, Swift Cleaner can sign up you for premium SMS-based services without your permission.

When the app is launched, the malware sends the device information to the remote server and kicks off the background services to get instructions from C&C server.

android malware for Kotlin
Image: Trend Micro

After the initial infection, the malware sends an SMS. Once the SMS is received the remote server executes click ad fraud via URL forwarding. With the help of Wireless Application Protocol (WAP) task, the injection of malicious JavaScript code takes place for completing the process.

By uploading the information of user’s service provider and login information as well as CAPTCHA to C&C server, the malware automatically processes the subscription to premium SMS services.

The users are advised to take the recommended security methods and only download the trusted mobile apps. The hackers improving their game with new technologies and you shouldn’t remain ignorant.

Also Read: Are Your WhatsApp Encrypted Group Chats Exposed To Strangers?
Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job