First Android malware written in Kotlin found posing as Swift Cleaner app and stealing user data

Security researchers have discovered a new Android malware, written in the Kotlin programming language – the first ever of its kind to be found. The malware was found posing as a Google Play Store app called "Swift Cleaner" and already has between 1,000 to 5,000 installs.

The data-stealing malware is also capable of other kinds of malicious activities such as performing click ad frauds, remote command execution and sending SMS. According to security researchers at Trend Micro, who discovered the Android malware, it can also sign up victims for premium SMS subscription services, without their knowledge or permission.

Kotlin is a popular language used for writing Android apps. Twitter, Pinterest and Netflix are among some of the top apps that still use Kotlin.

"Kotlin is described as concise, drastically reducing the amount of boilerplate code; safe, because it avoids entire classes of errors such as null pointer exceptions; interoperable for leveraging existing libraries for JVM, Android, and the browser; and tool-friendly because of its capability to choose any Java IDE or build from the command line," Trend Micro researchers said in a blog. "However, it's still unknown if the abovementioned features of Kotlin can make a difference when creating malware."

Although the Android malware has several features, hackers appear to be using only a few. Notably, the hackers used the malware to make the infected devices click on ads and surreptitiously subscribed the infected phone to premium SMS numbers.

"The malware can also upload the information of the user's service provider, along with the login information and CAPTCHA images, to the C&C server. Once uploaded, the C&C server automatically processes the user's premium SMS service subscription, which can cost the victim money," the Trend Micro researchers said.

Fortunately, Google has already removed the fake malware-laced Swift Cleaner app from the Google Play Store.