The app, a file management and optimization utility, is capable of performing unwanted activities such as downloading and installing other applications, and sending SMS messages to premium rate numbers without the user's consent.
"For these purposes, the utility uses several suspicious services that are activated after its launch," the security firm explained in a blog post. "One of them is used to communicate with a remote server to which it relays information about the device (the IMEI and IMSI) and receives such directives as: generate an application download list; SMS message parameters (text and recipient number); create a list to intercept specific incoming messages."
Doctor Web identifies the app as Android.Backdoor.81.origin.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"At the time of the program’s discovery on Google Play, it had been downloaded more than one million times, and many users have already run into the problem of SMS messages being sent to premium numbers without their consent," Doctor Web reports.