Security firm Trend Micro has found a cache of malicious apps on the Google Play store, masquerading as harmless photo programs. The apps have been downloaded millions of times, according to Trend Micro.
Once downloaded, these apps attempt to steal the user’s data, including personal information and even their photographs, as well as delivering pornographic adverts.
In total, 29 apps were found to be harmful. Google has since removed them from the store.
How do the Malicious Apps Work?
Trend Micro identified the scam apps during wider research into security on the Google Play store. It found 29 separate photo apps that appeared to be genuine, but, once installed, were used to collect data from the user in several ways:
Photo retention: The apps in the study were beauty camera apps, used to improve selfies or add graphics to photos. Trend Micro identified that some of these apps were prompting users to upload their photographs to a server, where they would be harvested by the author of the app. Researchers theorize that these would then be used maliciously, such as for creating fake profiles on social media.
Pornography adverts: Other apps would push malicious adverts to the user’s device, many of which were for pornographic content. The apps gave no indication that they were the ones serving the adverts. This made it difficult for the users to identify the source of the adverts and remove the apps. Trend Micro also found that some apps were downloading a paid online pornography player to devices in the background when a pop-up was clicked on.
Phishing sites: Other apps would cause adverts to pop up in the device’s browser. These would send the user to phishing sites disguised as competitions, which would ask the user to give sensitive data, such as addresses and phone numbers. The adverts would imply that the user had won a prize, and request this information for verification.
What Are the Scam Apps?
The apps in question had collectively been downloaded millions of times before they were removed from Google Play. User reviews show that some users were suspicious of the apps, with comments regarding the spamming of adverts, or the fact that they simply didn’t work as advertised.
Despite this, many of the apps had proved popular, and been downloaded in high volumes by innocent users.
Trend Micro noted that while some apps had a large proportion of 5-star reviews on the store, these could have been planted as fake reviews in an effort to surface the apps on the platform.
The scam apps are listed below:
- Pro Camera Beauty
- Cartoon Art Photo
- Emoji Camera
- Artistic Effect Filter
- Art Editor
- Beauty Camera
- Selfie Camera Pro
- Horizon Beauty Camera
- Super Camera
- Art Affects for Photo
- Awesome Cartoon Art
- Art Filter Photo
- Art Filter Photo Effects
- Cartoon Effect
- Art Effect
- Photo Editor
- Wallpapers HD
- Magic Art Filter Photo Editor
- Fill Art Photo Editor
- ArtFlipPhotoEditing
- Art Filter
- Cartoon Art Photo
- Prizma Photo Effect
- Cartoon Art Photo Filter
- Art Filter Photo Editor
- Pixture
- Art Effet
- Photo Art Effect
- Cartoon Photo Filter
What Should You Do if You’ve Downloaded One of the Apps?
If you recognise any of the apps above, it is imperative that you stop using it instantly. Remove the app from your device, to avoid risking any personal data being stolen.
Trend Micro also recommends in its report that users pay close attention to reviews on the Play Store, and take particular note of any where users call out an app for suspicious behaviour.
It’s also worth double checking the positive reviews, to look for similar sounding comments, or lots of one-word or single-sentence reviews that have been left at the same time. These are all signs that the reviews may not be legitimate.
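The review checks described above can be expressed as a small script. This is an added example, not code from Trend Micro or the original article; the sample reviews are constructed, and the thresholds (30-minute window, four-word limit, 0.7 similarity, keyword list) are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher

# Constructed sample reviews (not real Play Store data): (posted, stars, text)
REVIEWS = [
    ("2019-01-10T09:00", 5, "Good"),
    ("2019-01-10T09:02", 5, "Nice app"),
    ("2019-01-10T09:03", 5, "Very nice app"),
    ("2019-01-10T09:05", 5, "Nice app!"),
    ("2019-01-10T09:07", 5, "Great"),
    ("2019-01-12T18:30", 1, "Full-screen ads keep popping up and I can't tell which app shows them."),
    ("2019-01-15T21:10", 2, "No filter is applied. It asks me to upload my photo, then nothing happens."),
    ("2019-01-20T08:45", 5, "Cartoon effect works well on my phone, but I would like more filters."),
]

def short_review_bursts(reviews, window=timedelta(minutes=30), min_size=4, max_words=4):
    """Group short 5-star reviews posted within `window` of the group's first one."""
    short = sorted((datetime.fromisoformat(ts), text)
                   for ts, stars, text in reviews
                   if stars == 5 and len(text.split()) <= max_words)
    groups, current = [], []
    for posted, text in short:
        if current and posted - current[0][0] > window:
            groups.append(current)
            current = []
        current.append((posted, text))
    if current:
        groups.append(current)
    return [[text for _, text in g] for g in groups if len(g) >= min_size]

def near_duplicates(texts, threshold=0.7):
    """Pairs of reviews whose wording is at least `threshold` similar (0..1)."""
    return [(a, b) for i, a in enumerate(texts) for b in texts[i + 1:]
            if SequenceMatcher(None, a.lower(), b.lower()).ratio() >= threshold]

def behaviour_complaints(reviews, keywords=("ads", "advert", "pop", "upload"), max_stars=2):
    """Low-star reviews that call out the behaviour described in the article."""
    return [text for _, stars, text in reviews
            if stars <= max_stars and any(k in text.lower() for k in keywords)]

if __name__ == "__main__":
    for burst in short_review_bursts(REVIEWS):
        print("burst of short 5-star reviews:", burst)
        print("similar wording:", near_duplicates(burst))
    print("complaints:", behaviour_complaints(REVIEWS))
```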