Several malicious camera apps on Google Play Store, downloaded millions of times, were discovered by cyber security company Trend Micro.
One set of apps “will push several full screen adverts when users unlock their devices, including malicious ads (such as fraudulent content and pornography) that will pop up via the user’s browser,” Trend Micro stated in a blog, adding “none of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from”.
Some of the apps redirect to phishing websites that ask the user for personal information including addresses and phone numbers.
A large number of the downloads were by users in Asia, particularly in India.
The second set of apps are photo filter-related services, now taken down by Google, which asked users to upload their pictures to a designated server in order to “beautify” them. These photos can be collected and used for malicious purposes, for instance as fake display pictures on social media.
“Given that many of these malicious apps take great pains to look as legitimate as possible, users should always investigate the legitimacy of an app. One good method of doing this is by checking reviews from other users. If the reviews mention any kind of suspicious behaviour, then it might be a good idea to refrain from downloading the app,” Trend Micro said.