Fake FaceApp Infects Mobiles With Malware

Malware is hiding within illegitimate FaceApp installations, compromising
devices globally and installing malicious advertising software.

On 7 July 2019 cybersecurity firm Kaspersky first highlighted the issue when multiple users noted problems once they downloaded FaceApp via unofficial sources. First, the app looked as though it had not installed correctly. Then it seemed like the install failure triggered a removal protocol. However, instead of being removed, devices were surreptitiously infected with MobiDash malware. Twitter has been awash with reports of this news.

It is not clear how many devices have been
infected in total. Kaspersky reported that since 19 July there have been at
least 500 separate compromises, all within a 48-hour timeframe.

MobiDash first appeared “on our screens”
last spring. Removal of this malware is
not easy, as many Android users have found.

FaceApp is a popular app used to transform your face using AI (artificial
intelligence). It grew in popularity on release in January 2017, and it is
growing again since its AI-based old-age algorithm produced a range of
celebrity snaps. With more than 12.7 million users reportedly downloading the
app over the last two weeks, in a rush to complete the widespread FaceApp
Challenge, enterprising malware developers
capitalized on this chance to infect devices.

Essentially, the FaceApp challenge is about taking a photo of yourself as you are today and using the app’s AI to predict what you could look like when you are older. The challenge has taken Instagram by storm, and even celebrities are joining in the fun. However, the software offers in-app purchases costing up to nearly US$50. With costs running so high, it’s no wonder some users attempted to download fake versions of the app for free. That said, the app does offer a free trial period.

This is where MobiDash developers saw an opportunity to strike – deploying their malware. First, they created a FaceApp download that looks highly legitimate, available on third-party app stores. Then they made it look like the installation failed. From the users’ perspective, they think the app has been successfully removed. However, the MobiDash adware was hidden within the process, now living on the device and continually throwing up annoying ads.

Unfortunately, this particular piece of malware
can be tricky to remove since it usually registers as device administrator
software, yet it manages to remain absent from the administrator list.

This is not the only time FaceApp has been
in the news this month. Only last week, not long after the viral surge of
posting aging-AI-generated photos became a global sport, experts vocalized
their concerns over privacy.

Once users agree to the app’s terms of
service, they are granting the developers irrevocable, nonexclusive,
royalty-free title to the images used and the freedom to reproduce, adapt and
publish in whatever manner they choose.

There were additional concerns that the app
could scrape data from a user’s photo album, messages, or location. These
worries strengthened when users learned that the FaceApp development team is
based in Russia. Presidential candidates were warned by the Democratic National
Committee not to use the app. US authorities are investigating the security
concerns raised.

The creators of MobiDash regularly hide
their adware modules within cleverly disguised applications and services,
looking for any opportunity to attack. This means that despite the reports on
this issue, activities of the fake FaceApp could intensify. Users are advised
not to download software from unofficial sources. Also, users are encouraged to
install security solutions on their devices.

There are other security measures a user
can take. Read reviews and ratings of apps before downloading them. It is
always wise to read license agreements, as sometimes you could be legitimately
agreeing to advertising malware. There are also security solutions you can
install on your devices to serve as a further security layer.