Report: Daily Food Diary app dishes malware up to its users


There’s an app for that. Remember that marketing line? Well, it’s basically true. There’s an app for just about everything, including tracking your food consumption and calories. Daily Food Diary is an app that does exactly that and more. According to Pradeo, Daily Food Diary made it through Play Protect security by deeply obfuscating its malicious code.

Mainly, the app steals users’ contact lists, prevents users from killing it, and seems related to the Joker Malware. Daily Food Diary had already been downloaded over 10,000 times before it was removed from the Play Store.

Daily Food Diary pretends to be a legitimate app to take pictures of your meals and set mealtime alerts. It features a very minimal design and a few basic functionalities with no real purpose. The only real purpose was to steal users’ data.

A bad screenshot of Daily Food Diary on the Play Store

When users launch it, they are immediately sent to the device settings to enable the app to automatically run at startup (foreground service permission). Besides, the app is set to always run in the background (wake lock permission). When users are on the app interface, attempts to exit are overridden to make it difficult to close it.

Daily Food Diary repeatedly asks for permissions to access the contact list, and when it gets it, it directly exfiltrates contacts’ information to unknown external storage. It also requests to manage phone calls, to potentially refuse incoming calls that would temporarily prevent the app from running in the background.

To hide its true intentions, Daily Food Diary's malicious code is hidden in an encrypted file called 0OO00l111l1l. Other files contain the native library that can decrypt the malicious code so it can execute (libshellx-super.2019.so), the encryption key (tosversion), and additional resources (o0oooOO0ooOo.dat).

Besides, to stay undetected from dynamic analysis, the app does not perform its malicious behaviors when running in an emulator.

Pradeo
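
A defender-side check built on the file names in Pradeo's description above, added here as an example and not code from Pradeo or the original article: it scans an APK's archive entries for the four reported packer artifacts, wherever they sit in the package. The look-alike-name heuristic and the sample entry paths are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# File names and roles taken from the Pradeo report quoted above.
REPORTED_ARTIFACTS = {
    "0OO00l111l1l": "encrypted payload",
    "libshellx-super.2019.so": "native decryptor library",
    "tosversion": "encryption key",
    "o0oooOO0ooOo.dat": "additional resources",
}
# Assumption (heuristic, not from the report): a name made only of the
# look-alike characters 0/O/o/1/l/I suggests packer-generated files.
LOOKALIKE = re.compile(r"^[0Oo1lI]{8,}$")

def scan_apk(apk):
    """Return sorted (entry, reason) findings for an APK path or file object."""
    findings = []
    with zipfile.ZipFile(apk) as zf:  # an APK is a zip archive
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Match on the base name: the report does not say where in the
            # package each file is stored.
            name = PurePosixPath(info.filename).name
            stem = name.split(".", 1)[0]
            if name in REPORTED_ARTIFACTS:
                findings.append((info.filename, REPORTED_ARTIFACTS[name]))
            elif LOOKALIKE.match(stem):
                findings.append((info.filename, "look-alike obfuscated name"))
    return sorted(findings)

def build_sample_apk(names):
    """Constructed test input: an in-memory zip with empty entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample; the directory layout is illustrative only.
    sample = build_sample_apk(["classes.dex", "assets/0OO00l111l1l",
                               "assets/tosversion", "assets/o0oooOO0ooOo.dat",
                               "lib/armeabi-v7a/libshellx-super.2019.so"])
    for entry, reason in scan_apk(sample):
        print(f"{entry}: {reason}")
```

A hit on file names alone is a triage signal for closer analysis, not proof that a package is malicious.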

Users are encouraged to delete this app immediately from their devices.

What do you think of this app? Did you install it? Let us know in the comments below or on Twitter or Facebook. You can also comment on our MeWe page by joining the MeWe social network.

Last Updated on February 3, 2021.
