Warning issued to Amazon Fire stick users due to app ‘spying on them’
Security experts have issued a warning to all Amazon firestick users after a spyware app disguised as a BMI calculator was found to be "spying on" users.
McAfee Lab researchers alerted Amazon to an innocent looking BMI calculator on its app store. By clicking one button firestick users were allowing suspected theft of passwords, payment details and messages.
Although the app, named BMI Calculation Vsn, has now been removed, users who have already downloaded to their Amazon tablets or Firesticks are advised to manually uninstall it and run a full device scan to ensure their data remains secure.
READ MORE: Lesser known shopping tip will get you an Amazon Fire Stick for £6
The app, which promised to help users calculate their body mass index, requests permission to “start recording or casting”. At this point users were given a warning that it could access everything visible on their screen.
Although the pop up message was cl;ear, McAfee explained that many people reflexively accept these warnings without reading the small-print.
The pop-up read: “BMI Calculation will have access to all your information that is visible on your screen or played from your device while recording or casting. This includes information such as passwords, payment details, photos, messages and audio that you play.”
McAfee said the spyware "intercepts and collects all SMS messages received on the device, potentially to capture one-time password (OTP), verification codes and sensitive information.”
Initially released on October 8, the app was updated later in the month with new features, including the ability to access SMS messages, including things like one-time banking passwords sent to users. The app was published by PT Visionet Data Internasional and sold as a legitimate tool for calculating BMI. Experts believe he scammer named the developer “PT. Visionet Data Internasional” posing as a respectable IT management service in Indonesia. believe.
The app stores the recording of your activity in an MP4 file but does not upload the clip to the command and control (C2) server - the control room for scammers. From here they can control elements of your device. Once the permission is given, the malware is given free reign to spy on your data.
McAfee suggested the app was still in early development when it landed on the Amazon App Store. McAfee added: “Apps like ‘BMI CalculationVsn’ serve as a stark reminder that even the simplest tools can harbour hidden threats. By staying alert and adopting robust security measures, we can safeguard our privacy and data.”
The Amazon Appstore, a third-party store available on Amazon Fire devices, provides an alternative to Google Play. This discovery follows growing concerns about the security of Amazon Fire Stick devices and experts have repeatedly warned that users of illegal streaming services could be at risk of being hacked by cybercriminals who use spyware to steal personal data.
