14 DAY TRIAL // Security company Trend Micro has discovered another batch of malicious apps published in the Google Play Store and which users have downloaded millions of times.
The malware is hiding in the code of what claim to be beauty camera apps which promise to offer filters and further edits that would help improve your photos.
However, after installing the apps, they hide their icons from the application list to make users can’t disable them and use packers to make it more difficult to be analyzed.
But the truly dangerous behavior comes down to full screen ads that are displayed on compromised devices when they are unlocked. Trend Micro’s analysis reveals that the malicious ads typically point to pornography, and the company also detected a paid online pornography player that was downloaded when tapping the popup.
Furthermore, the company discovered that some of these malicious apps also point users to phishing websites that ask for personal information, including addresses and phone numbers.
Stealing users’ photos
Interestingly, Trend Micro says it also detected a second category of infected apps which only tried to trick users into uploading their photos to a hidden server.
“These apps seemingly allows users to “beautify” their pictures by uploading them to the designated server. However, instead of getting a final result with the edited photo, the user gets a picture with a fake update prompt in nine different languages. The authors can collect the photos uploaded in the app, and possibly use them for malicious purposes — for example as fake profile pics in social media,” the analysis reveals.
Google has already been alerted of these apps and the search giant removed them all, though it’s critical for all users to try to stay away from such malicious listings in the Google Play Store. In most of the cases, the reviews page helps investigate the legitimacy of an app, so just don’t rush to press the install button regardless of the app name.