GoFuckYourself.com - Adult Webmaster Forum - Google pulls 29 photo filter apps that led millions to porn sites

https://zdnet4.cbsistatic.com/hub/i/...-appstrend.jpg

Google pulls these 29 bogus photo apps that led millions to porn, phishing sites

Millions of Android users have downloaded one of 29 popular but fake photo-filter apps that pushed ads leading visitors to sites with fraudulent content and pornography.

Some of the now-removed apps, including Pro Camera Beauty, Cartoon Art Photo, and Emoji camera, were downloaded more than a million times, according to security firm Trend Micro.

They're the latest batch of malicious apps found by third-party researchers to have sneaked past Google's automated Play Store checks following data-stealing apps and a steady stream of adware apps.

MENU
US
MUST READ: Windows Update problems: Fixed now but here's what went wrong, says Microsoft
Google pulls these 29 bogus photo apps that led millions to porn, phishing sites
More malicious Android apps with bogus 5-star user reviews found on Google Play.

Liam Tung
By Liam Tung | February 4, 2019 -- 11:33 GMT (03:33 PST) | Topic: Security

1

0:00Fullscreen
Millions of Android users have downloaded one of 29 popular but fake photo-filter apps that pushed ads leading visitors to sites with fraudulent content and pornography.

MORE SECURITY NEWS
YubiKey: Protect your Facebook, Google, and other online accounts with this hardware authentication key
$145 million funds frozen after death of cryptocurrency exchange admin
Linux kernel gets another option to disable Spectre mitigations
iOS 12.1.4 is coming to fix the worst iPhone and iPad bug to date
Some of the now-removed apps, including Pro Camera Beauty, Cartoon Art Photo, and Emoji camera, were downloaded more than a million times, according to security firm Trend Micro.

They're the latest batch of malicious apps found by third-party researchers to have sneaked past Google's automated Play Store checks following data-stealing apps and a steady stream of adware apps.

The bad apps potentially evaded Google's automated security checks by using packers, which compress APK files and are designed to prevent malware analysis.

So as not to raise suspicion among users, nothing seems amiss until the user attempts to delete the app. One of the apps was found to create a shortcut after launching but then hides its icon from the app list, making it more difficult to delete.

The main purpose of the apps is to push full-screen and pop-up ads in the user's browser that encourage the user to install apps requiring payment to view content that is never delivered. However, it's not obvious to the user that the source of the ads are the offending apps.

Other apps lured Android users with the promise of a prize, including an iPhone X, before leading the victim to a phishing page.

Some of the apps that promised to beautify pictures also didn't return an edited photo but merely captured the uploaded photo, which could be used to set up fake social-media profiles.

MENU
US
MUST READ: Windows Update problems: Fixed now but here's what went wrong, says Microsoft
Google pulls these 29 bogus photo apps that led millions to porn, phishing sites
More malicious Android apps with bogus 5-star user reviews found on Google Play.

Liam Tung
By Liam Tung | February 4, 2019 -- 11:33 GMT (03:33 PST) | Topic: Security

1

0:00Fullscreen
Millions of Android users have downloaded one of 29 popular but fake photo-filter apps that pushed ads leading visitors to sites with fraudulent content and pornography.

MORE SECURITY NEWS
YubiKey: Protect your Facebook, Google, and other online accounts with this hardware authentication key
$145 million funds frozen after death of cryptocurrency exchange admin
Linux kernel gets another option to disable Spectre mitigations
iOS 12.1.4 is coming to fix the worst iPhone and iPad bug to date
Some of the now-removed apps, including Pro Camera Beauty, Cartoon Art Photo, and Emoji camera, were downloaded more than a million times, according to security firm Trend Micro.

They're the latest batch of malicious apps found by third-party researchers to have sneaked past Google's automated Play Store checks following data-stealing apps and a steady stream of adware apps.

The bad apps potentially evaded Google's automated security checks by using packers, which compress APK files and are designed to prevent malware analysis.

So as not to raise suspicion among users, nothing seems amiss until the user attempts to delete the app. One of the apps was found to create a shortcut after launching but then hides its icon from the app list, making it more difficult to delete.

The main purpose of the apps is to push full-screen and pop-up ads in the user's browser that encourage the user to install apps requiring payment to view content that is never delivered. However, it's not obvious to the user that the source of the ads are the offending apps.

Other apps lured Android users with the promise of a prize, including an iPhone X, before leading the victim to a phishing page.

Michael Voltaggio is passionate about telling stories through food
PAID CONTENT BY Toyota
SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Some of the apps that promised to beautify pictures also didn't return an edited photo but merely captured the uploaded photo, which could be used to set up fake social-media profiles.

Trend Micro recommends that Android users should check Play Store user reviews before installing am app. But previously, scammers have bombarded their own apps with fake reviews.

In this case Trend Micro found many of the bad apps had a U-shape distribution of reviews with mostly 5-star and 1-star ratings. This could suggest a high number of fake reviews is combined with legitimate reviews from users reporting problems.

Trend Micro has published a full list of all malicious apps Google took down this time. The apps were downloaded in total over four million times.