New Programming Language “Kotlin” used for Developing an Android Malware

Open Design Alliance SDK

The bee’s open-source programming language has been used to create malicious Android apps that are able to hijack an Android mobile, and has been found in the Google Play Shop as an Android app called Swift Cleaner.

In May 2017, Google announced that Kotlin would develop an Android application programming language, and over 17 per cent of Android Studio’s projects were using Kotlin by the Android team.

Top Giant Android applications like Netflix, Pinterest and Twitter are the top applications that use kotlin linguistic programming.

In the same language is used the “Swift Cleaner” malicious Andoird application, an Android tool for cleaning and optimizing Android devices discovered in the Google Play Store.

This malicious application that is able to click fraud, perform the remote command, and steal user information can also register customers without their consent for premium SMS subscription services.

Swift Cleaner

How the Malicious is functioning–Swift Cleaner

Once you download and install this malicious application on your machine, it gathers data from your computer and sends it to your control and control server.

Later on it begins background services which continue to run on its command & control server to receive a job.

This malware sends an SMS to a certain amount that its C&C server provides when users first infect.


Later the malware gets the SMS command, remote servers will transmit the URL and also click on the ad fraud to perform the Wireless Application Protocol (WAP) task by remotely executing a C&C Server command.

According to Trend Micro, the injection of the malicious Javascript code will take place, followed by the replacement of regular expressions, which are a series of characters that define a search pattern. This will allow the malicious actor to parse the ads’ HTML code in a specific search string.

It also conducts sophisticated tasks, like uploading data for service providers, CAPTCHA, and login information to C&C, by allowing premium SMS service subscription at victim expense.

Common mobile threats defenses

  • Consider carefully the approval requested by the apps.
  • Download trusted source apps.
  • Keep the recent version up.
  • Encrypt your phones. Encrypt your phones.
  • Make significant information backups frequently.
  • Install malware on your systems.
  • Stay with the CIA Cycle rigid.
Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.