According to a recent report by a cybersecurity company Trend Micro, Google Play Store continues to struggle with a large number of malware-infected applications. The security firm has recently reported the discovery of 29 more malicious apps that were masquerading as ‘beauty camera’ applications.
Before Google removed the apps, they had over 4 million downloads, with the top three applications being downloaded a million times each. The apps revolved around stealing photos and images from the user’s phones and uploading them on external servers, controlled by the hacker. In addition, some of the apps also expressed other forms of bad behavior, such as displaying inappropriate ads with either fraudulent or pornographic content whenever users unlocked their phones.
Some of the apps would also try to send users to fake websites, hoping to steal their login credentials if the user attempts to access their account.
Trend Micro researchers reported that all of the content promoted by the apps was a part of the scam, even if it is technically legal, such as pornography. During their attempts to reveal the full scale of the campaign, researchers paid to install an adult video player that one of the apps was promoting. Once installed, the app did not play any content.
Other apps posed as photo filters which promised high-quality photo modifications. However, after testing the apps, researchers uncovered that the app is actually stealing users’ images. The reason behind this is suspected to be the use of images for creating fake social media accounts and similar malicious actions . Meanwhile, after stealing the photo, the app would notify the user that they need to upgrade the app, instead of returning a filtered version.
In an attempt to avoid detection, hackers have started using more complex and stealthy methods, such as compression archives, in this case. Compression archives are also known as packers, which make the apps increasingly difficult to analyze. Furthermore, it is difficult for the user to determine which app is causing the pop-up ads.
They are also difficult to uninstall, as they often hide the app icon from the app list on the users’ phones.
The report also states that the majority of the downloads have seemingly occurred in Asia, especially when it comes to India. Photo-editing applications have become popular in this region lately, which is why many of the country’s Android users got their devices infected.
Google took down the apps after receiving Trend Micro’s report. However, considering the massive problem that the Play Store has had with malicious apps in recent years, it is likely that there are many more out there that have yet to be discovered. Because of this, Android users are advised to always check the app reviews before downloading any app, and search for signs of suspicious behavior.