Security researchers from Avast have come across a fake night vision camera app on Google Play. The malicious app is designed to harvest information and subscribe users to premium SMS services.
The app was uploaded to Google Play on March 6 by a developer named Four Seasons. At the time of writing, it’s still available on Google’s official Android app market, being installed by 10,000-50,000 users.
The app, named Cámara Visión Nocturna, appears to target Spanish-speaking users. It can allegedly enable users to take pictures at night without having to use the flash.
As an example, users are told that they can take pictures of their neighbor while she’s changing. Who wouldn’t want this app, right?
In reality, this isn’t every voyeur’s dream come true. The app doesn’t work. However, according to Avast experts, it’s cleverly designed to trick users into handing over control of their phone to cybercriminals.
When it’s installed, the night vision camera app requests all sorts of permissions, not only to access the camera. It asks permission to record video and audio, read and write SMSs, access the Internet, and access the device’s storage.
Once it’s installed, the application starts collecting phone numbers from applications like ChatOn and WhatsApp. The harvested numbers are used to subscribe users to premium mobile services.
The malicious app can inflate victims’ bill with up to 36€ (50$) per month.
Users are advised to act with caution when installing Android apps, even if they’re from trusted sources. If they request too many permissions, they’re possibly part of a cybercriminal scheme. A mobile security solution should be able to detect such threats so make sure you install one on your phone.
Avast detects the threat as Android:FakeCam.