Dozens of Android camera apps were found pushing fake ads and adult contents
- Beauty camera apps detected as ‘AndroidOS_BadCamera.HRX’ were capable of accessing remote ad configuration servers which can be used for malicious purposes.
- After installation, they would automatically hide the icon in the background to make it difficult for the users to uninstall.
Dozens of beauty camera apps in Google Play Store have been found redirecting users to phishing websites and collecting their pictures. These apps were also discovered pushing unwanted adult contents on to the victims’ phones.
According to a detailed analysis by Trend Micro, some of these camera applications have over 1 million installs and a large number of them is found in India.
Lorin Wu, a mobile threat analyst for Trend Micro sorted these apps in two different categories. Some of them were variations of the same camera application, while the others allowed their users to apply photo filters on their snapshots.
Malicious and hard to get rid of
Beauty camera apps detected as ‘AndroidOS_BadCamera.HRX’ were capable of accessing remote ad configuration servers which can be used for malicious purposes.
After installation, these apps would automatically hide the icon in the background to make it difficult for the users to uninstall and start displaying adult content and fraudulent ads using the default web browser. The ads were displayed using ad configuration downloaded in JSON format.
Furthermore, these camera apps use packers to evade detection by anti-virus software.
Some of these apps redirected users to phishing sites which promised free prizes - they could be claimed after providing personal information.
The other set of apps that provided users with photo filters were considered to be more dangerous. Instead of beautifying users’ photos, these apps returned fake updates that were written in nine different languages.
“The authors can collect the photos uploaded in the app, and possibly use them for malicious purposes — for example as fake profile pics in social media. The remote server used by these apps is encoded with BASE64 twice in the code,” said Trend Micro in their report.
The camera apps that are engaged in pushing such malicious contents includes Pro Camera Beauty, Cartoon Art Photo, Emoji Camera, Artistic Effect Filter, Art Editor, Beauty Camera, Selfie Camera Pro, Super Camera and more.
Google has removed all such malicious apps from the Play Store. Meanwhile, users are advised to examine the legitimacy of an app before downloading it on their phones.