Security firm Trend Micro has discovered 29 malicious beauty camera apps that aim to phish user traffic and steal your photos. The apps have already been removed by Google from the Play Store, but only after accumulating millions of downloads.
Once installed, some of the apps would load up full-screen advertisements for fraudulent or pornographic content each time the device is unlocked, and some of the apps would forward users to phishing websites to steal their personal information.
The apps are listed on the security bulletin as being detected as "AndroidOS_BadCamera.HRX" and look relatively legit upon initial download. Trend Micro details how one of the identified apps, "com.beauty.camera.project.cloud," creates a shortcut after being launched and hides its icon from the application list making it difficult to track down to delete.
Furthermore, when a user would upload a picture to have a filter applied, the app would upload the image to a private server and return an error message telling the user to update the app. Even the pop-ups for downloading paid players were fraudulent as it was found even clicking through to download the online video player didn't play anything.
Fill ART Photo Editor - middle: the fake editing process, right: the update
The analysis highlights that these apps evaded the Play Protect radar as they used packers to prevent them from being analyzed, and the remote server URL was converted to BASE64 twice over. The recommendation by the security firm is to judge the user reviews, which I'm confident most of our readers do anyway.
The company found the malicious apps had a consistent "U" pattern of reviews with a majority of the scores either 5-star or 1-star, which provides an indication of legitimate reviewers calling out its BS, with fake ones trying to bump it up. You can see the full list of malicious apps from the source link below.
- Trend Micro