Google has removed dozens of popular apps Security firm discovered 29 malicious apps listed on the official Google Play store, all advertised as "beauty camera" applications. The apps have been removed by Google.
The photo apps carried out a number of critical activities on Android devices which they were installed to. Some of the apps would load up a full screen for fraudulent or pornographic content every time a user unlocked the device. Other apps in the batch would forward users to phishing websites that tried to steal their personal information. Sometimes trying to find users email or phone number was hidden under the guise of claiming a prize.
Trend Micro points out that even technically legal content, such as pornography, promoted by these apps were a scam. In their investigation, the security analysts paid for an adult video player pushed by the apps, which did not play any content.
Another batch of beauty apps went even further. Trend Micro discovered that a few of these photo filter apps that promised to "beautify" users' pictures were actually stealing the photos. The app would upload a user's photo to a private server. Instead of providing a filtered version of the pic in return, the app would display a picture with a fake message counting them they need to update the app. Trend Micro believes these stolen photos are used for other malicious activities, such as social media photos on fake accounts.
These apps were made to be incredibly difficult to catch. The developers behind them are used compression archives, also known as "packers," which basically make them hard to analyze. In addition, there is no indication to a user that these apps were responsible for the pop-ups being shown on their Android phone. If they were to try to uninstall applications in order to find the culprit, they would come across a problem there too. These fake beauty apps were hidden from a user's application list.
In total, the 29 malicious apps were downloaded more than 4 million times. The apps alone account for more than 3 million downloads
This is the first time that malicious apps found their way to the Google Play store.