Security researchers have discovered dozens of fake beauty apps on the Google Play Store that have no real functionality of their own but play advertisements on users' devices, steal photos of app users, and redirect users to malicious phishing websites that ask for their personal information.
These apps have been surprisingly popular in Asia, particularly in India, where some of them, such as Pro Camera Beauty, Cartoon Art Photo, and Emoji Camera, have been downloaded over a million times and others such as Art Editor, Artistic Effect Filter, Super Camera, and Selfie Cam Pro have been downloaded hundreds of thousands of times by unsuspecting Android users.
Reviews of such apps on the Google Play Store suggest that those who downloaded them quickly realised that such apps were fake and were only introduced on the Play Store to play advertisements on user devices and to steal photos of users to create false profiles on social media. A majority of reviewers have given a 1-star rating to all of these apps.
Beauty apps played ads, redirected users to phishing sites
According to security researchers at Trend Micro, these apps were not only pushing harmless ads but were also malicious in nature as they redirected their users to fake websites where they were asked to provide their addresses and phone numbers to claim surprise gifts.
These apps also hid their icons from application lists in Android devices so that users could not delete them post installation. Some of these apps also used packers to ensure they could not be analyzed.
"The app will push several full-screen ads when users unlock their devices, including malicious ads (such as fraudulent content and pornography) that will pop up via the user’s browser. During our analysis, we found a paid online pornography player. None of these apps give any indication that they are the ones behind the ads, thus users might find it difficult to determine where they’re coming from," the researchers said.
They were also able to find a number of other photo filter-related apps that allowed users to upload their photos and beautify them but instead of delivering final results, displayed a picture with a fake update prompt in nine different languages to users.
Trend Micro noted that the remote server, with which these photo filter-related apps communicate, is encoded with BASE64 twice in the code and the same technique is used by the apps to hide themselves as well.
If you have been using beauty camera apps or photo filter apps downloaded from the Play Store, you need not worry as Google removed these apps as soon as they were reported by Trend Micro. However, there is a possibility that there may be thousands of similar apps on the Play Store that may not be genuine, so in order to guard against them, do check out their reviews on the Play Store before downloading new apps.