Trend Micro researchers just discovered and reported a number of malicious beauty camera apps for Android on Google Play store, some of which downloaded millions of times. The apps could access remote ad configuration servers that could be used for malicious purposes, the researchers said.
Malicious Selfie Apps on Android’s Google Play Discovered
Trend Micro researchers grouped the apps in two categories. Some of the apps were variations of the same camera app that beautifies photos, and the rest offered photo filter on users’ snapshots. Fortunately, the apps are now removed from Google Play, but this may come a little too late as they were already downloaded by millions of users.
According to the official report, at first users are unaware of the malicious behavior of the particular app:
Take, for example, the package com.beauty.camera.project.cloud, which will create a shortcut after being launched. However, it will hide its icon from the application list, making it more difficult for users to uninstall the app since they will be unable to drag and delete it. Furthermore, the camera apps use packers to prevent them from being analyzed.
Once downloaded and installed, the app pushes several full screen ads upon unlocking the device. These ads can be malicious, and may promote frauds or pornography, and are designed to pop up via the user’s browser. The researchers also came across a paid online pornography player, known as AndroidOS_PornPlayer.UHRXA, which is downloaded after clicking on the pop-up. The player, however, is a fraud as nothing is played on it even after payment.
None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from. Some of these apps redirect to phishing websites that ask the user for personal information, such as addresses and phone numbers, the report says.