
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
A seemingly innocuous app designed to calculate Body Mass Index (BMI) has been unmasked as malware, cybersecurity researchers revealed.
In a Rush? Here are the Quick Facts!
- “BMI CalculationVsn” app on Amazon Appstore was identified as information-stealing malware.
- The app could record screen activity, steal text messages, and survey installed apps.
- The malware’s developers remain unidentified.
According to researchers at antivirus firm McAfee, the app functioned as information-stealing malware, capable of recording screen activity, accessing text messages, and analyzing the apps installed on a user’s device, says The Record.
Analysis of the app on malware repository VirusTotal indicates that BMI CalculationVsn is still in active development. Initially launched in October 2024 as a screen recording application, it later transitioned into a BMI calculator, says The Record.
Its most recent update introduced the ability to steal messages, highlighting its evolving threat. The app’s creators remain largely unidentified, but McAfee suspects they have connections to Indonesia.
Cybersecurity experts also recommend employing antivirus solutions to detect and mitigate potential threats. Users are advised to exercise caution when downloading apps, even from trusted sources, by verifying developer credibility and app reviews.

New Malware Threatens Critical Engineering Processes In Industrial Control Systems
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Forescout Research has identified a growing threat targeting engineering workstations in operational technology (OT) and industrial control systems (ICS).
In a Rush? Here are the Quick Facts!
- Malware such as Ramnit and Chaya_003 disrupts critical engineering processes in OT environments.
- Over 20% of OT incidents involve compromising engineering workstations, according to SANS Institute.
- Ramnit, originally targeting banking credentials, now infects OT systems through compromised devices.
The analysis, released on Tuesday, highlights how malware targeting these workstations is increasingly common.
The research focused on malware found in VirusTotal, which included incidents involving the Mitsubishi engineering workstation infected with the Ramnit worm, as well as new experimental malware known as Chaya_003, which disrupts Siemens engineering processes.
OT-specific malware, although less prevalent than attacks on enterprise software or mobile operating systems, is a significant concern for security operators in industrial environments.
Engineering workstations, which play a central role in controlling and monitoring critical infrastructure, are prime targets for these types of attacks. A report by the SANS Institute identified engineering workstation compromise as a leading attack vector, responsible for over 20% of OT system incidents.
The analysis by Forescout focused on malware targeting engineering workstations, which run both traditional operating systems like Windows and specialized engineering software, such as Siemens TIA Portal and Mitsubishi GX Works.
The research found two main clusters of malware targeting these workstations. In one case, Mitsubishi GX Works executables were infected with the Ramnit worm in two separate incidents. The second involved three samples of a new malware variant, Chaya_003, which was specifically designed to terminate Siemens engineering processes.
Ramnit, a malware strain initially known for targeting banking credentials, has evolved into a more sophisticated platform capable of infecting OT systems. The recent findings by Forescout show that Ramnit remains a persistent threat to OT networks.
The malware can spread through compromised physical devices like USB drives or poorly secured network systems. Although the specific vector for these infections remains unclear, it is evident that the malware continues to affect OT environments.
Chaya_003, on the other hand, represents a new and evolving threat. The malware’s primary functionality includes terminating critical engineering processes. Its design suggests deliberate attempts to masquerade as legitimate system processes to avoid detection by security software.
Forescout says that the malware is delivered through a command-and-control (C2) infrastructure that relies on legitimate services like Discord webhooks, making it harder to detect.
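The C2 channel described above is detectable at the network edge: an engineering workstation has no business posting to a chat platform's webhook endpoint. The script below is an added example, not code from the Forescout report or any vendor, that scans constructed proxy log lines and flags HTTP POSTs from engineering workstations to Discord webhook URLs. The log format, the `ews-` hostname prefix for engineering workstations, and the sample lines are all assumptions made for the example; the webhook token in the output is redacted so the alert itself does not leak the credential.

```python
import re
from urllib.parse import urlparse, urlunparse

# Constructed sample proxy log lines (not real traffic from the report):
# <timestamp> <source host> <method> <url> <status>
SAMPLE_LOGS = """\
2024-12-10T08:01:12Z ews-siemens-01 POST https://discord.com/api/webhooks/1234567890/abcdefEXAMPLETOKEN 204
2024-12-10T08:01:40Z hr-laptop-17 GET https://discord.com/channels/@me 200
2024-12-10T08:02:05Z ews-mitsubishi-02 GET https://support.vendor.example/update.xml 200
2024-12-10T08:03:30Z ews-siemens-01 POST https://discordapp.com/api/webhooks/1234567890/abcdefEXAMPLETOKEN 204
2024-12-10T08:04:00Z ews-siemens-01 GET https://windowsupdate.microsoft.com/ 200
"""

# Assumed naming convention: engineering workstations are named "ews-*".
ENGINEERING_HOST_PREFIX = "ews-"
# Domains that serve the Discord webhook API.
WEBHOOK_DOMAINS = {"discord.com", "discordapp.com"}
# Webhook URLs look like /api/webhooks/<channel id>/<secret token>.
WEBHOOK_PATH = re.compile(r"^/api/webhooks/(\d+)/([A-Za-z0-9_.-]+)")


def parse_line(line):
    """Split one proxy log line into a record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, host, method, url, status = parts
    return {"ts": ts, "host": host, "method": method, "url": url, "status": int(status)}


def is_discord_webhook(url):
    """True when the URL points at the Discord webhook API."""
    u = urlparse(url)
    return u.hostname in WEBHOOK_DOMAINS and bool(WEBHOOK_PATH.match(u.path))


def redact_webhook_token(url):
    """Replace the secret token segment so alerts do not carry the credential."""
    u = urlparse(url)
    path = WEBHOOK_PATH.sub(r"/api/webhooks/\1/<REDACTED>", u.path)
    return urlunparse(u._replace(path=path))


def find_webhook_beacons(log_text, host_prefix=ENGINEERING_HOST_PREFIX):
    """Return alert records for POSTs from engineering workstations to webhook URLs."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["host"].startswith(host_prefix)
                and rec["method"] == "POST"
                and is_discord_webhook(rec["url"])):
            alerts.append({
                "ts": rec["ts"],
                "host": rec["host"],
                "url": redact_webhook_token(rec["url"]),
                "reason": "engineering workstation POST to Discord webhook",
            })
    return alerts


def summarize_by_host(alerts):
    """Count alerts per source host so repeated beaconing stands out."""
    counts = {}
    for a in alerts:
        counts[a["host"]] = counts.get(a["host"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_webhook_beacons(SAMPLE_LOGS)
    for h in hits:
        print(f"{h['ts']} {h['host']} -> {h['url']} ({h['reason']})")
    print(summarize_by_host(hits))
```

The rule deliberately keys on the webhook path rather than on the Discord domain alone, since ordinary browsing to discord.com from a corporate laptop is not the signal; a POST to `/api/webhooks/...` from a host that should only talk to vendor update servers and the plant network is. In a segmented OT network the same check can be expressed as an egress firewall rule that denies these hosts any outbound web access except an explicit allow-list.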
The research stresses the importance of securing engineering workstations to prevent these types of attacks. Recommendations include updating software regularly, implementing robust endpoint protection, and segmenting networks to limit access to critical systems.
The increasing sophistication of these attacks, driven by the availability of generative AI tools, highlights the need for proactive security measures in the OT sector.
The research by Forescout also warns that as malware targeting engineering processes becomes more accessible, the line between less skilled and more advanced attackers continues to blur, making it harder to distinguish between simple and highly sophisticated threats.