Dozens of fake photo apps have been removed from Google to protect users. Malicious apps were very popular, and the purpose of hackers was to steal user files and perform various scams.
Trend Micro's cybersecurity experts have detected 29 malicious apps uploaded to the official Google Play store. All of them were advertised as "beauty camera" applications.
These photo apps were used by hackers to commit various criminal activities on any Android device they were installed on.
For example, some malicious apps have loaded ads with deceptive or pornographic content in full screen every time the users unlocked their device. Another part of the apps sent users to phishing sites trying to steal their personal data. Among the malicious software, there were also applications designed to steal emails and phone numbers hidden as a claiming a prize.
Trend Micro reveals that even the pornography advertised by these apps was a scam. Experts have discovered during their investigation, buying an alleged video player for adults that it has not actually played any content.
Another part of the malicious applications was beauty apps and was even more dangerous. Those have been photo filter apps that promised to “beautify” users’ pictures but they were actually stealing the photos.
Apps have uploaded victims' pictures to a private server. However, instead of having the users receive a filtered version of their photo, the app displayed a fake image for an update needed. According to cybersecurity experts, hackers then used the stolen pictures for other criminal activities, for example, to create fake social media accounts.
Hackers have made these apps that have been downloaded from Google Play super hard to spot. Developers have used data compression (packer), which prevents analytics from analyzing applications. Additionally, if the users attempt to uninstall the application, they encounter another problem - these false beauty applications are hidden from the application list and the user cannot see and uninstall them.
It is not reassuring that these 29 malicious applications have been downloaded more than 4 million times, with only three of them downloaded over 3 million times. In fact, this shows that Google does not respond quickly enough to detect and disable malicious Android apps, as millions of users have already become victims of hackers while that happens.