The bank warns against spy apps and advises immediate removal
McAfee, the global American cybersecurity firm, recently announced the discovery of a malicious application named BMI CalculationVsn, designed to calculate body mass index (BMI). This app contains malware capable of screen recording and accessing users’ app lists.
According to McAfee, the app was deceptively designed to help users evaluate whether their BMI is within a healthy range. It operates with standard BMI assessment features. However, once users click the “Calculate” button, the app immediately requests screen recording permissions. In their eagerness to obtain quick results, many users tend to grant these permissions without hesitation.
Once permission is granted, the app begins recording the screen and captures all user actions. This poses significant risks of exposing personal information, passwords, two-factor authentication (2FA) codes, and sensitive messages.
Notably, the app is also capable of reading SMS messages, enabling hackers to steal 2FA codes, which are particularly critical for financial services or social media accounts.
During its analysis, McAfee confirmed that the app is fully capable of stealing information. However, no evidence has been found yet of the data being transmitted or distributed.
Users are advised to exercise caution when downloading and installing apps, even from official platforms like the Google Play Store or App Store. If using an app that requests permissions, users should carefully review its description and ratings to ensure that the permissions requested are reasonable and necessary.
To ensure information and transaction security, banks recommend that customers proactively inspect their devices and remove any malicious or potentially risky applications.
