The Save Me app claims to be able to save a user’s contacts and other data including photos and videos, in the event that a mobile device is lost or stolen but it actually contains a variant of information-stealing malware SocialPath, which saves all your phone data to a badguy owned command and control server.
When the victim registers, the malware displays an icon on the phone’s launcher. Once the registration process is finished, the malware deletes its own icon to hide on the phone. Oddly, it also has the ability to call any number designated by the C&C (command and control server) and automatically hang up the call according to a timer. It is unsure what the authors use this functionality for, but similar tactics are used as a revenue source — malware authors will call premium numbers to collect associated fees and make money. The malware then deletes the call records so as to hide its activities.
Other purposes for a command and control server, to ex-filtrate all the data on your phone (contacts, pictures, gps locations, videos, messages, everything…)
More Information can be read here.
You should only download apps from trusted developers; read reviews, research the developers, make sure you’re choosing a trustworthy product, especially if this tool is promising to help you protect sensitive information. Also, don’t download apps from third party marketplaces.
