In brief: We’re always advised to avoid downloading applications from outside the app stores, but that doesn’t mean malicious programs don’t occasionally sneak their way onto official services. Not for the first time, Google has removed dozens of apps after they were found to contain nefarious code.
A report from security firm Trend Micro last week revealed that 29 camera and photo apps in the Google Play Store performed unwanted activities, such as pushing full-screen ads containing fraudulent content and pornography when users unlocked their devices.
Other apps redirected users to phishing websites that attempted to steal personal information, often by falsely claiming they had won a prize. Another batch, which purported to be beauty apps, was designed to let the developers steal users’ uploaded photos. Instead of receiving an edited image after uploading a selfie to the servers, victims would get a message claiming they needed to perform an update. Clicking on this led to another phishing site.
The apps used different methods to prevent people discovering their malicious activities, including compression archives (packers) that made them difficult to analyze, and remote servers that were “encoded with BASE64 twice in the code.” Additionally, there was nothing indicating to the user that the ads were linked to the apps. Even uninstalling them was difficult, as they were hidden from the standard application list. The apps' reviews did suggest something was amiss, however.
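For analysts triaging a suspect app, the double-BASE64 trick mentioned above is cheap to undo once the string literals have been extracted. The following is an added example, not code from the Trend Micro report or from the apps themselves; the host names and sample strings are constructed, and it assumes the strings were already pulled out of the decompiled app.

```python
import base64
import re

# Runs of base64 alphabet long enough to hide a host name or URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"^https?://[\w.-]+(?::\d+)?(?:/\S*)?$")

def peel(candidate, max_layers=3):
    """Decode repeatedly; return (layers, url) once a URL appears, else None."""
    current = candidate
    for layer in range(1, max_layers + 1):
        try:
            # validate=True rejects anything that is not strict base64.
            current = base64.b64decode(current, validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            return None
        if URL.match(current):
            return layer, current
    return None

def find_encoded_urls(strings):
    """Return (blob, layers, url) for every base64 run that hides a URL."""
    findings = []
    for s in strings:
        for m in B64_RUN.finditer(s):
            hit = peel(m.group(0))
            if hit:
                findings.append((m.group(0), hit[0], hit[1]))
    return findings

def _b64(data, times):
    for _ in range(times):
        data = base64.b64encode(data)
    return data.decode("ascii")

# Constructed sample input: smali-style string literals, none from a real app.
SAMPLE_STRINGS = [
    'const-string v0, "%s"' % _b64(b"http://ads.example.invalid/config", 2),
    'const-string v1, "%s"' % _b64(b"https://cdn.example.invalid/lib.js", 1),
    "invoke-virtual {v0}, Landroid/app/Activity;->finish()V",
    "Lcom/example/camera/MainActivity;",
]

if __name__ == "__main__":
    for blob, layers, url in find_encoded_urls(SAMPLE_STRINGS):
        print(f"{layers} layer(s): {url}  <- {blob[:24]}...")
```

A string that only resolves to a URL after two or more layers is a stronger triage signal than a single-encoded one, since legitimate code rarely nests encodings around a server address.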
While these sorts of malicious apps usually aren’t very popular, the 29 programs in this instance were downloaded 4 million times, with many of the users originating from India. Three apps had over one million downloads, while eleven had at least 100,000. Google has now kicked them from its store, though it seems most of the damage had already been done.