Windows 10 News and info | Forum
January 18, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Android Apps With Millions of Installs Collect Selfies, Push Porn Ads  (Read 142 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 30921

I Do Windows

WWW Email
« on: January 31, 2019, 01:54:16 PM »

Dozens of Android camera applications, some of them with over 1 million installs on the Google Play Store, were serving malicious ads and fake update prompts while also making sure that they won't be uninstalled by hiding their entries from the application list.

Lorin Wu, a mobile threats analyst for Trend Micro, sorted these malicious apps in two different categories: some of them were variations of the same camera application designed to beautify photos, while the other kind allowed their users to apply photo filters on their snapshots.

These apps have all been removed from the Google Play store by now, but not before they were able to amass millions of installations (some of them most probably fake).

All of them were also obviously connected to each other given that they were sharing various design components such as the screenshots added to their Google Play entries.

Malicious app's Google Play entry

According to Wu, the beauty camera apps detected as AndroidOS_BadCamera.HRX, were "capable of accessing remote ad configuration servers that can be used for malicious purposes."

After installation, they would automatically hide from the application list to make sure the victim would not be able to remove them and start displaying adult content and fraudulent content ads using the default web browser after every device unlock event.

To add insult to injury, the user would not be able to pinpoint the app that pushed the ads, while some of the advertisements redirected the victims to websites which asked for personal information to be able to collect various fake prizes.

The ads were displayed using ad configurations downloaded in JSON format which also contained instructions designed to allow the apps to adjust the ad behavior depending on the compromised device.

Malicious ad pop-ups

The other batch of malicious Android applications which targeted users who wanted to apply filters to their selfies could be considered even more dangerous considering that they uploaded their victims' snapshots to servers their authors controlled.

Seeing that none of them actually worked as advertised, only delivered fake update screens, and also hid themselves to avoid being uninstalled, their authors' intent was clearly malicious.

Fake update screens

As TrendMicro states, "The authors can collect the photos uploaded in the app, and possibly use them for malicious purposes for example as fake profile pics in social media."

Scores of malicious apps also installed by millions of users have been previously found on the Google Play store, stealing banking information while trying to avoid detection with the help of the motion sensor, showing ads while impersonating GPS apps and a host of other Android utilities.

« Last Edit: January 31, 2019, 02:07:38 PM by javajolt » Logged

Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page September 29, 2019, 06:44:29 AM