It’s become increasingly apparent in recent years that Google is having a hard time keeping its Play Store free of apps that conceal malware or prey on users with phishing attempts and other scams. The latest example involves almost 30 Android apps found on the Play Store using a number of malicious tactics, including making it difficult for users to uninstall, with well over 4 million cumulative downloads.
An investigation carried out by security researchers at Trend Micro found 29 Android apps listed on the Play Store containing malware or involved in phishing scams. Among the tactics these apps used were displaying full-screen pop-up ads that linked to explicit content, in some cases even downloading a paid media player, and to websites that collected personal information from users, like addresses and phone numbers.
All 29 apps were claiming to be camera or photo-editing related, with the top three, “Pro Camera Beauty,” “Cartoon Art Photo,” and “Emoji Camera,” getting over 1 million downloads each, while others like “Artistic effect Filter,” “Selfie Camera Pro,” and “Horizon Beauty Camera,” had over 100,000 downloads each.
“None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from,” wrote analyst Lorin Wu. In addition, the malicious software made sure to hide their icons from Android’s list of application, making it even harder for users to locate and uninstall them.
Another tactic used by apps promising to let users edit and “beautify” their photos involved having them upload their pics to a server, and then responding with a fake prompt about needing to update. Instead of actually returning edited photos, the developers were able to collect users’ photos for other purposes.
Trend Micro also found that the apps were using packers, an archive compression method, that hid their contents from Google and other security systems. The researchers recommend Play Store users carefully pay attention to the comments left in app reviews, and avoid any that mention suspicious behavior or unwanted pop-up ads after installing.