Trend Micro security firm discovered the presence of 29 malicious apps on the Google Play Store. By masquerading as photo editing applications ("beauty camera"), they subverted users' photos.
Image credit: Hasan Albari – Pexels
Every year his new scandal around a photo editing application. Although this time, it is not one, but 29 applications that have been discovered and banned.
Trend Micro has just published an article about apps previously on the Google Play Store and detected as serious threats. Although removed from the app store, these 29 apps still account for more than 4 million downloads.
Your photo, soon used without your knowledge
These 29 applications – now detected as AndroidOS_BadCamera.HRX – pretend to be "beauty" applications that apply filters to your photos. In fact, users were taking their picture, but had ineluctably a message telling them to update the application. At the same time, the resulting photo was transferred to a third-party server and will certainly be used in the future for malicious purposes, such as creating fake profiles on social networks.
But these applications posed another problem: they opened a pop-up when unlocking the phone with advertisements of fraudulent or pornographic content, pushing the victims on phishing sites to retrieve more personal information.
Pop-ups that you do not want to see
And to make sure that users would not uninstall the app, the developers took care to ensure that it does not appear in the application drawer or home screen, making the manipulation more complex.
Play Protected bored
The alarming element of this story is that the Google Play Store and Google Play Protect have let these 29 applications live and be downloaded several million times before detecting any threat. To get through the cracks, these applications used several methods, such as the dual-base BASE64 encryption of the remote server used in the application.
We can never remember enough that it is important to check several elements to download an application, such as its notation (if the application has many notes "1 star", it should put you in the ear) , as well as the permissions requested by the application.
Read on FrAndroid: Google Play Protect: How Anti-malware Works for Android Apps