Google drops the banhammer on a bunch of selfie-stealing fake apps
How did this get past Google’s screeners?
29 fake apps masquerading as beauty camera applications have been removed from the Google Play store after an investigation by Trend Micro.
The malicious apps got past the (mostly) automated security checks on the Google Play store, showing that Google still has a way to go if it wants to keep its Android app store safe for users.
Downloaded mostly by users in India and elsewhere in Asia, the photo apps all had various ways of scamming those users once installed. Some of the apps forwarded users to phishing websites in an attempt to get login details and other personal information. Some of these attempts were hidden with the ruse of claiming a prize. Others showed full-screen advertisements for pornography or fraudulent goods when the user unlocked their phone.
And then, some apps actually stole photos
The worst bunch of the apps stole users’ photographs while promising to “beautify” them. The photos were uploaded to a private server, and instead of getting back a retouched image, the user saw a fake message telling them to update the app. These stolen photos could then be used for fake social media profiles or other scummy uses.
The team at Trend Micro even found a supposedly legit, paid porn app that, when downloaded and paid for, wouldn’t play any content. Why anyone would pay for porn apps when there are a bunch of free websites available I don’t know, but they got doubly shafted.
The app creators used various methods to hide their true intentions
The creators of these apps used various means to hide their true intentions. Compressed archives known as “packers” hid the initial payloads from Google’s scanners. The pop-ups didn’t indicate which app they came from, making detection even more difficult. Some of the apps went further still, hiding the app’s icon from the user’s application list.
Overall, those 29 scammy apps were downloaded over 4 million times, maybe proving that beauty should be more than skin deep. Three apps made up the bulk of those downloads, with Pro Camera Beauty, Cartoon Art Photo, and Emoji Camera all being downloaded over a million times.
With scammers getting more technically savvy, and Google having difficulty catching everything that’s uploaded to the Play store, it’s perhaps down to users to use their wits. Check the comments and reviews before downloading that new trending app – if anything gives you pause, it’s probably not worth downloading.