Google has removed a fake version of BatteryBot Pro from its Play Store after the spoofed app was found to be perpetrating click fraud and ad fraud, among other malicious activities.
BatteryBot Pro is a legitimate app for Android that allows users to monitor the battery level of their devices by referencing a charge level (percent) as an icon in their status bar. The app is available on Google Play Store for USD $2.99.
However, according to Shivang Desai, a security researcher at Zscaler, attackers recently developed a fake version of BatteryBot Pro that they made available for free. This app modified the functionality of its legitimate counterpart and also requested many more permissions than the real BatteryBot Pro.
“Upon installation of the malicious app, it demanded administrative access, which clearly portrays the motive of malware developer to obtain full control access of the victim’s device,” Desai explains in a blog post. “Once the permission is granted, the fake app will provide the same functionality to the victim found in the original version of BatteryBot Pro but performs malicious activity in the background.”
Desai’s research shows that the fake version tries to load ad libraries to distribute click fraud campaigns, collect information about the device (including available memory, location, language, and SIM card availability), and display pop-up ads to the victims.
Worse still, as the app has administrative privileges, it is difficult to uninstall. Desai was in some instances able to forcefully remove the app. However, he spotted that the app’s malware silently installs an app with the package com.nb.superuser, which essentially preserves the app’s functionality even if the app itself is deleted.
After being notified of the app’s existence, Google swiftly removed the fake BatteryBot Pro from its Google Play Store. Unfortunately, this move does not help those who have all ready downloaded the app.
Fake Android apps, including cracked APK files on Google Play Books earlier this year, are commonplace today. It is therefore recommended that users try to protect themselves by looking for apps with an excessive amount of permissions.