“The apps, identified by Trend Micro, either included phishing links to steal banking details, or upload photos to a private server without user consent.”
In a week with seemingly horrendous consequences in terms of data privacy, a recent Trend Micro report has thrown more light into malicious apps on the Google Play Store, all of which were designed to steal your information in one way or another. As per the report, a total of 29 photo editing apps have been identified, and subsequently banned from Google Play Store, for their malicious intents such as embedded phishing targets or even data theft.
On the technical aspect, the Trend Micro report states that most of these apps internally accessed remote ad configuration servers in a bid to carry out their objectives. For instance, an app called ‘Beauty Camera’, which has been downloaded over 100,000 times, would create a shortcut and hide its entry under the applications tab, hence making it difficult to track or uninstall later. Furthermore, it would also serve full screen malicious ads, and even install a non-functioning pornography player on a user’s phone, in a bid to earn revenue while remaining of no use to the user.
Other apps downloaded specific ad configurations and then accessed a device’s browser to serve targeted pages to the user at a heavy spam rate. Further grave consequences were being offered up by phishing advertisements, which would show the user to have won an award, and later asking them to fill up a form with specific information in order to claim the prize. Some others, meanwhile, were not targeted at financial gains or targeted advertisements, but instead were employing data stealing techniques.
In the report about these apps, Trend Micro states, “These apps seemingly allows users to “beautify” their pictures by uploading them to the designated server. However, instead of getting a final result with the edited photo, the user gets a picture with a fake update prompt in nine different languages. The authors can collect the photos uploaded in the app, and possibly use them for malicious purposes — for example as fake profile pics in social media.“
A full list of these apps have been declared on the Trend Micro report, including some that have over one million downloads — such as Pro Camera Beauty and Emoji Camera. The full list and the report can be read here.