While Apple has kept relatively tight control over its App Store, Google has historically been a little looser with what it lets onto its own app storefront. Although the tech giant has made efforts recently to clean up the Play Store, there are still some bad actors getting through.
A report from cybersecurity firm Trend Micro has found a batch of 29 photo- and selfie-related apps that have all been acting maliciously towards the users that installed them. The bad behaviour ranges from money-making schemes like serving up inappropriate and fraudulent full-screen ads when users unlock their phone, to potentially more troubling activities like stealing user photos and uploading them to an external server.
What’s worse is that a majority of the apps in question have been downloaded thousands of times, and three of them have been installed over a million times each. Trend Micro states that a large number of these downloads occurred in Asia, especially India, where photo-related apps are exceedingly popular.
Dodgy tactics
Some of these apps have utilized tricks to hide the app icon to make it more difficult to uninstall, and when the aforementioned pop-up ads run, there’s often no indication that the particular app is the cause of them.
The majority of the full-screen ads use typical pop-up scam tactics, with text claiming the user has won something (usually an iPhone), or in some cases posing as a commercial pornography service, but clicking through the link will lead to a phishing scam where users must enter their details to ‘claim their prize’.
Among the 29 apps that Trend Micro uncovered, another offered to beautify a user’s selfies, although once the user uploads a photo to the external server, they are then served with a fake update prompt which leads, again, to a phishing site.
The bad actor is then free to use the uploaded selfies for such nefarious purposes as fake social media profile pictures.
After being made aware of the problematic apps, Google has removed them from its Play Store. However, as with any app you're considering installing, it’s always worth checking out the store reviews to see if any other users have found them exhibiting suspicious behavior.
Below is the list of the malicious apps discovered by Trend Micro, appearing from most to least downloaded:
- Pro Camera Beauty
- Cartoon Art Photo
- Emoji Camera
- Artistic effect Filter
- Art Editor
- Beauty Camera
- Selfie Camera Pro
- Horizon Beauty Camera
- Super Camera
- Art Effects for Photo
- Awesome Cartoon Art
- Art filter Photo
- Art Filter Photo Effects
- Cartoon Effect
- Art Effect
- Photo Editor
- Wallpapers HD
- Magic Art Filter Photo Editor
- Fill Art Photo Editor
- ArtFlipPhotoEditing
- Art Filter
- Cartoon Art Photo Filter
- Art Filter Photo Editor
- Pixture
- Art Effect
- Photo Art Effect
- Cartoon Photo Filter
While it may go without saying, if you have any of the above apps installed then it's recommended you remove them immediately.
