Security form Trend Micro posted on their site detailing the discovery of some 29 malicious camera in from the Google Play store.

The good news? They’re gone – removed by Google. The bad news? They collectively ranked up a few million downloads, and apparently managed to evade Google Play Protect while doing so.

Many of the apps say they’re applying filters or effects, but in reality just upload an image to a remote server and show a deliberate error message.

In the worst cases, the user is shown ads and pornographic images. Some of the apps also attempt to hide themselves to evade uninstall attempts, and show full screen ads as users unlock their phones.

Trend Micro also suggests checking the reviews of apps before downloading them, noting the “U” pattern of review scores on most of these apps indicated a glut of (likely fake) 5-star reviews countered by a flood of 1-star user reviews. With little to no middle ground, something could be afoot.

The full list of apps:

Art Editor
Art Effect
Art Effect
Art Effects for Photo
Art Filter
Art Filter Photo
Art Filter Photo Editor
Art Filter Photo Effcts
ArtFlipPhotoEditing
Artistic effect Filter
Awesome Cartoon Art
Beauty Camera
Cartoon Art Photo
Cartoon Art Photo
Cartoon Art Photo Filter
Cartoon Effect
Cartoon Photo Filter
Emoji Camera
Fill Art Photo Editor
Horizon Beauty Camera
Magic Art Filter Photo Editor
Photo Art Effect
Photo Editor
Pixture
Prizma Photo Effect
Pro Camera Beauty
Selfie Camera Pro
Super Camera
Wallpapers HD

It’s not noted whether Google removed the apps as a result of Trend Micro’s research, or independently discovered the malicious nature of the apps themselves.

Security in this realm can be a bit of a game of cat-and-mouse. While Google Play Protect didn’t pick these apps up, you can bet the team behind that service is taking a good hard look at these apps to ensure they can detect the tricks employed by these developers in future.

For more details about how the apps worked and how Trend Micro discovered them, head over to Trend Micro’s Security Intelligence Blog.

Source: Trend Micro.
    3 Comments
    newest
    oldest most voted
    Inline Feedbacks
    View all comments
    Brad
    Brad
    1 year ago

    Very surprised about the Prizma app if it is the same one as I used as it was praised by many around the world shortly after it’s release.

    Brad
    Brad
    Reply to  Brad
    1 year ago

    Ah just checked Google Play and the app I was using was Prisma and not Prizma. Typo in my memory. 🙂

    Darren
    Darren
    1 year ago

    Reviews will nearly always tip you off.