Share
Google Play apps with >4.3 million downloads stole pics and pushed porn ads

Google Play apps with >4.3 million downloads stole pics and pushed porn ads

Enlarge / Screenshots of the pop-up ads displayed by malicious apps that were available in Google’s Play Store.Trend Micro reader comments 9 with 8 posters participating Share this story Share on Facebook Share on Twitter Share on Reddit Google has banned dozens of Android apps downloaded millions of times from the official Play Store after…


Screenshots of the pop-up ads displayed by malicious apps that were available in Google's Play Store.
Enlarge/Screenshots of the pop-up ads displayed by malicious apps that were available in Google’s Play Store.
Trend Micro

Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.

Ablog postpublished by security firm Trend Micro listed 29 camera- or photo-related apps, with the top 11 of them fetching 100,000 to 1 million downloads each. One crop of apps caused browsers to display full-screen ads when users unlocked their devices. Clicking the pop-up ads in some cases caused a paid online pornography player to be downloaded, although it was incapable of playing content. The apps were carefully designed to conceal their malicious capabilities.

“None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from,” Trend Micro Mobile Threats Analyst Lorin Wu wrote. “Some of these apps redirect to phishing websites that ask the user for personal information, such as addresses and phone numbers.”

The apps also hid their icons from the Android app list. That made it hard for users to uninstall the apps, since there was no icon to drag and delete. The apps also usedcompression archives known as packersto make it harder for researchers—or presumably, tools Google might use to weed out malicious apps—from analyzing the wares.

Your selfies are ours

Trend Micro researchers discovered another batch of apps that falsely promised to allow users to “beautify” their pictures by uploading them to a designated server. Instead of delivering an edited photo, however, the server provided a picture with a fake update prompt in nine different languages. The apps made it possible for the developers to collect the uploaded photos, possibly for use in fake profile pics or for other malicious purposes. The developers took pains to prevent users from detecting what was happening.

“The remote server used by these apps is encoded with BASE64 twice in the code,” Wu wrote. “In addition, several of these apps can also hide themselves via the same hidden technique mentioned above.”

The apps reported by Trend Micro are:

Indicators of Compromise (IoCs)

PackageLabelInstalls
com.beauty.camera.years.proPro Camera Beauty1,000,000+
com.cartoon.art.photo.ygy.cameraCartoon Art Photo1,000,000+
com.lyrebirdstudio.emoji_cameraEmoji Camera1,000,000+
art.eff.filter.photo.editorArtistic effect Filter500,000+
art.filter.editor.imgeArt Editor100,000+
com.beauty.camera.project.cloudBeauty Camera100,000+
com.selfie.camerapro.proSelfie Camera Pro100,000+
com.camera.beauty.kwok.horizonHorizon Beauty Camera100,000+
com.camera.ygysuper.photographSuper Camera100,000+
com.effects.art.photo.for.selfArt Effects for Photo100,000+
com.solidblack.awesome.cartoon.art.pics.photo.editorAwesome Cartoon Art100,000+
com.photoeditor.artfilterphotoArt Filter Photo50,000+
com.photocorner.artfilter.arteffect.prizmaArt Filter Photo Effcts10,000+
com.picfix.cartoonphotoeffectsCartoon Effect10,000+
com.picsartitude.arteffectArt Effect10,000+
com.csmart.photoframelabPhoto Editor5,000+
com.wallpapers.nuclear.hd.hd3d.best.live.nuclearWallpapers HD5,000+
com.perfectmakeup.magicartfilter.photoeditor.selfiecameraMagic Art Filter Photo Editor5,000+
appworld.fillartphotoeditor.technologyFill Art Photo Editor1,000+
com.artflipphotoeditingArtFlipPhotoEditing1,000+
com.artphoto.artfilter.artpiczoneArt Filter1,000+
com.photoeditor.cartoonphotoCartoon Art Photo1,000+
com.photoeditor.prismaeffectsPrizma Photo Effect1,000+
com.cmds.artphotofiltereffectCartoon Art Photo Filter100+
com.latestnewappzone.photoartfiltereditorArt Filter Photo Editor100+
com.livewallpaperstudio.pixturePixture100+
app.pixelworlds.arteffectArt Effect50+
timepassvideostatus.photoarteffect.cartoonpainteffectPhoto Art Effect10+
com.techbuzz.cartoonfilterCartoon Photo Filter5+

The report is the latest to demonstrate that Google can’t be counted on to proactively detect malicious apps available in Play. That puts the onus on end users to carefully scrutinize apps before installing them. One way to do this is to read comments to see if anyone has reported suspicious things, such as receiving pop-up ads, after installing an app. Another important strategy is to limit downloads to those that are truly necessary or useful, and then only when they’re developed by a recognized company. Niche apps that provide little tangible benefit should be avoided.

Read More

Leave a Comment