Google has removed dozens of popular fake photo apps meant to hurt its users.
Security firm Trend Micro discovered 29 malicious apps listed on the official Google Play store, all advertised as “beauty camera” applications. Google has since removed the apps.
The photo apps carried out a number of nefarious activities on the Android devices they were installed on. Some of the apps would load a full-screen advertisement for fraudulent or pornographic content every time a user unlocked the device. Other apps in the batch would forward users to phishing websites that tried to steal their personal information. Sometimes attempts to steal a user’s email address or phone number were hidden under the guise of claiming a prize.
Trend Micro points out that even technically legal content promoted by these apps, such as pornography, was a scam. In their investigation, the security analysts paid for an adult video player pushed by the apps, which did not play any content.
Another batch of beauty apps went even further. Trend Micro discovered that a few of these photo filter apps that promised to “beautify” users’ pictures were actually stealing the photos. The app would upload a user’s photo to a private server. Instead of providing a filtered version of the picture in return, the app would display a picture with a fake message telling the user they needed to update the app. Trend Micro believes these stolen photos are used for other malicious activities, such as photos on fake social media accounts.
These apps were made to be incredibly difficult to catch. The developers behind them used compression archives, also known as “packers,” which make the apps hard to analyze. In addition, nothing indicated to a user that these apps were responsible for the pop-ups being shown on their Android phone. A user who tried uninstalling applications to find the culprit would run into a problem there too: these fake beauty apps were hidden from the user’s application list.
In total, the 29 malicious apps were downloaded more than 4 million times. Three of the apps alone accounted for more than 3 million of the downloads.
This is far from the first time that malicious Android apps have found their way onto the Google Play store. While these apps have since been removed, the sheer number of downloads proves that Google simply isn’t moving fast enough to shut them down.