Though it masquerades as an ordinary card game score keeper, the Beaver Gang Counter app on the Google Play Store has been stealing Viber photos and videos, according to a reverse engineering report by Symantec.
Symantec discovered that the app contains malicious code that searches for directories containing Viber media, which it then sends to a remote web server. The data stolen by the malware could be used for various purposes such as identity theft, blackmail, fraud, and pornography, among others.
A closer look at Beaver Gang Counter also revealed an ingenious way to avoid detection: time-delayed attacks. The app queries a command and control server to check whether it is time for the media to be collected. This allows threat actors to enable and disable the malicious behavior at will, bypassing the dynamic analysis of security vendors and even Google Play’s Bouncer app-vetting service. The malware is being dubbed Android.Vibleaker.
Google has been alerted, and the app and its developer have been removed from the Play Store.
To protect consumers from smartphone threats, Symantec recommends the following: keep software up to date; refrain from downloading apps from questionable sites; pay close attention to app permissions; install a suitable mobile security app; and make frequent backups of important data.