There’s no dearth of beauty camera apps on Google Play Store, spawned by the selfie craze that refuses to die out. But the huge risk in downloading such apps was highlighted last month, with US-based cybersecurity firm Trend Micro discovering “several” of them capable of accessing remote ad configuration servers that can be used for malicious purposes, including stealing information and scamming users.
In fact, Google has deleted 29 malicious “beauty camera” apps that were sharing pornographic content and forwarding users to phishing websites to steal their information, IANS reported. Some of these apps, like Pro Camera Beauty, Cartoon Art Photo and Emoji Camera, had been downloaded over a million times, which is unsurprising given the popularity of such apps. Worryingly, “a large number of the download counts originated from Asia – particularly in India,” Trend Micro said in a recent blog post.
According to the firm, a user downloading such malicious apps will not suspect anything is amiss until he/she decides to delete the app. “Take, for example, the package com.beauty.camera.project.cloud, which will create a shortcut after being launched. However, it will hide its icon from the application list, making it more difficult for users to uninstall the app since they will be unable to drag and delete it,” it explained, adding that the camera apps also “use packers” to prevent them from being analysed.
And while saddled with the dubious apps, users would have to deal with several full-screen ads on unlocking their devices, including fraudulent content and pornography popping up via their browsers. Significantly, the firm flagged that since none of the offending apps gave any indication that they were the ones behind the ads, users might find it difficult to determine where the ads were coming from. “Some of these apps redirect to phishing websites that ask the user for personal information, such as addresses and phone numbers,” said Trend Micro. “During our analysis, we found a paid online pornography player that was downloaded when clicking the pop-up. Take note, however, that nothing will play, even after the user pays and executes the player.”