Lookout blog states that it is malapp and in reality contains a variant of information-stealing malware ‘SocialPath.’ Explaining the characteristics of Save Me and Social Path, Lookout’s senior security product manager, Jeremy Linden explained that it primarily distributed through spam via Twitter, WhatsApp and other social platforms with socially engineered messages designed to encourage victims into clicking on a disguised download link.
Once the victim clicks on the link, the App asks permission to access information from the device like including name, email, phone number and even a photo of the user, before connecting to a C&C server and exfiltrating this and other data from the device, Linden explained. He added that this includes contacts, text messages, call logs and device information. Another unique this about this App is, during installation, the App logo may on the smartphone launcher but it disappears as soon as the installation is complete. Lookout says this is done to hide the malware from the user and antivirus engines. Another interesting thing is that it has ability to to call any number designated by the command and control server and automatically hang up the call as per a timer. However Lookout could not make out why it does that. Linden added, Lookout says that the code analysis by them points to the malware authors/handlers to be of Arabic origin and the App has spread mainly in Lebanon (29%), Sudan (19%) and Oman (11%) through phishing techniques.
Google has removed Save Me from its Google Play after being contacted by Lookout but the APK of the App is still widely available and it is mostly being spread through phishing campaign. Lookout says that the motive of the authors/handlers is not known and that it may be a case of political espionage, financially driven phishing, or something more sinister. Lookout said that SocialPath has also been spotted doing the rounds disguised as an online reputation management tool. Google Play has a bad reputation of allowing such malapps on its platform. As a Android smartphone user you have to be extra careful while allowing such Apps to be installed on your phone. You should always take care to
