Google took down a total of 29 malicious apps for Android that were advertised on the Google Play Store as beauty camera applications, but carried out activities such as stealing the user’s pictures.
The apps werediscoveredby cybersecurity firm Trend Micro, which said that some of them have already been downloaded millions of times. A large number of the downloads were from users in Asia, particularly in India. In total, the 29 malicious Android apps weredownloadedover 4 million times before they were removed from the Google Play Store, with three of them accounting for over 3 million downloads.
Trend Micro said that after downloading one of the malicious apps, users will not suspect anything wrong until they attempt to delete it. One example is a package that will hide the app’s icon to make it more difficult touninstall it. The apps also used compression archives, also known as packers, to make them hard to analyze. There was also no indication that the apps were the ones behind the issues that users suddenly experienced.
One of the more alarming activities of the malicious Android apps was requesting for users to upload pictures to “beautify” them. The images were uploaded to a private server, and instead of a filtered photo, the app displayed a message that said an update was required. Trend Micro believes that the pictures were stolen, and used for purposes such as making fake social media accounts.
This is far from the first time that security problems were discovered in Android apps. Last year, there were apps thattrackedchildren’s personal data, secretlyrecordedthe smartphone’s screen, and attempted tophishcryptocurrency logins. As always, users can help protect themselves and their sensitive information from malicious apps by only downloading Google Play Store apps made by trusted developers and publishers.
