Apps from Google Play with millions of downloads stole user photos and advertised porn

The other day, Google has removed several dozen programs and millions of downloads from its application directory. As it turned out, these applications showed scam ads and stole users' personal data. Almost all of them were positioned as software for working with video and photos.

Almost all were popular - the number of downloads of each application ranges from hundreds of thousands to millions. The malware functionality was different. Some showed ads on the whole screen at the moment when the user tried to unlock the phone. A click on ads sometimes led to porn sites.

A specialized player was loaded, which, however, could not reproduce anything. Users had no idea where they could lead click on advertising. And it was not only porn, but phishing sites that tried to find out private information, such as addresses or phone numbers.

Applications, moreover, hid the icons from the list of installed software, so the average user was unclear how to remove what he put. The malware developers used special compression methods that made it difficult for information security specialists to study software.

Some applications promised the user to improve his (her) photos by uploading to a special server. The pictures were actually uploaded to the server, where they were apparently collected for some purpose by the attackers. The user saw a notification (in one of 9 languages) that the photo was optimized. This was done so that the victim did not suspect anything. Perhaps the pictures were used to create fake accounts in social networks.



Applications discovered by security specialists from Trend Micro. The case of applications shows that Google, unfortunately, has still not learned how to detect malicious software with a sufficient degree of accuracy. Moreover, malware continues to exist in the directory despite suspicious activity and a huge number of downloads.