Google took down a total of 29 malicious apps for Android that were advertised on the Google Play Store as beauty camera applications, but carried out activities such as stealing the user’s pictures.
The apps were discovered by cybersecurity firm Trend Micro, which said that some of them have already been downloaded millions of times. A large number of the downloads were from users in Asia, particularly in India. In total, the 29 malicious Android apps were downloaded over 4 million times before they were removed from the Google Play Store, with three of them accounting for over 3 million downloads.
Trend Micro said that after downloading one of the malicious apps, users will not suspect anything wrong until they try to delete it. One example is a package that will hide the app’s icon to make it more difficult to uninstall it. The apps also used compression archives, also known as packers, to make them hard to analyze. There was also no indication that the apps were the ones behind the issues that users suddenly experienced.
Some of the malicious apps load full-screen advertisements for fraudulent or pornographic content each time the Android device is unlocked. Others will forward users to phishing websites that will try to steal sensitive information. Some of the attempts to steal contact details of users were disguised as pages for claiming prizes. Trend Micro also discovered that an adult video player, advertised by the apps, did not play any content after it was purchased.
One of the more alarming activities of the malicious Android apps was requesting for users to upload pictures to “beautify” them. The images were uploaded to a private server, and instead of a filtered photo, the app displayed a message that said an update was required. Trend Micro believes that the pictures were stolen, and used for purposes such as making fake social media accounts.
This is far from the first time that security problems were discovered in Android apps. Last year, there were apps that tracked children’s personal data, secretly recorded the smartphone’s screen, and attempted to phish cryptocurrency logins. As always, users can help protect themselves and their sensitive information from malicious apps by only downloading Google Play Store apps made by trusted developers and publishers.
- As a loyal iMessage user, I’m sick and tired of Apple’s resistance to RCS
- Meta wants you to use its creepy Portal as a secondary monitor
- Oppo’s latest Apple Watch clone has an important spec under the hood
- Facebook Messenger finally starts testing end-to-end encryption for all chats
- I tried OxygenOS 13, and it’s everything I feared it would be