Malware Disguised As BMI Calculator App Exposed On Amazon Appstore

A seemingly innocuous app designed to calculate Body Mass Index (BMI) has been unmasked as malware, cybersecurity researchers revealed.

The app, named “BMI CalculationVsn,” was found on the Amazon Appstore, posing significant security risks to Android users, as reported by The Record.

According to researchers at antivirus firm McAfee, the app functioned as an information-stealing malware, capable of recording screen activity, accessing text messages, and analyzing installed apps on a user’s device, says The Record.

The Record reports that McAfee promptly notified the app to Amazon, leading to its removal from the platform. However, details about the number of users who downloaded the app remain unclear.

Analysis of the app on malware repository VirusTotal indicates that BMI CalculationVsn is still in active development. Initially launched in October 2024 as a screen recording application, it later transitioned into a BMI calculator, says The Record.

Its most recent update introduced the ability to steal messages, highlighting its evolving threat. The app’s creators remain largely unidentified, but McAfee suspects they have connections to Indonesia.

“The malware author tricked users by abusing the names of an enterprise IT management service provider in Indonesia to distribute this malware on Amazon Appstore,” McAfee stated, as reported by The Record.

The implications suggest insider knowledge of the region’s IT ecosystem. This incident underscores the persistent risk of malicious software infiltrating legitimate app stores. Amazon has not disclosed additional details about its response to this breach, according to The Record.

Cybersecurity experts also recommend employing antivirus solutions to detect and mitigate potential threats. Users are advised to exercise caution when downloading apps, even from trusted sources, by verifying developer credibility and app reviews.