Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Google has removed 36 applications from the Play Store after they were found to be responsible for unwanted adverts and taking users to malicious websites.
The apps would also remove their icon from the smartphone’s home screen and apps folder, making it harder for the user to uninstall it.
Researchers from WhiteOps found fraudulent code in a number of beauty camera applications, with names such as “Yoroko Camera,” “Beauty Collage Lite,” and “Rose Photo Editor & Selfie Beauty Camera”.
Many of these apps can be identified by a large number of installations in a short space of time, and a large amount of 5-star and 1-star ratings, resulting in a “U-shaped distribution.”
Altogether, these apps were downloaded more than 20 million times, 565,833 per app on average.
A new app was published to the Play Store every 11 days, and removed by Google every 17 days, the researchers said.
“By September 2019, the threat actor had already had 21 apps removed (almost all of the apps they had published to that point), so they adapted their tactics. The fraudster likely developed a more robust mechanism to avoid detection and removal.” WhiteOps said.
“A batch of 15 apps, all published after September 2019, had a much slower removal rate using those new techniques.”
The group behind the apps attempted to change code in their apps to avoid detection, in a possible attempt to pinpoint the criteria used by Google for removing apps from the Play Store.
However, it could be that the actors simply wanted to keep the app on the store for later use.
When the fraudulent code is reactivated, millions of users would immediately become targets.
These hackers used a number of tactics to hide their fraudulent activities, including using several ‘packers’ in the apps.
‘Packers’ are when an app contains disguised files that cannot be read by analysis tools, making it harder for the Play Store to discover malicious activity.
Gadget and tech news: In pictures
Show all 25
They also used Arabic characters from the Quran to obfuscate the code, which “substantially reduces readability for people not familiar with Arabic, confuses researchers as to where bad actors are based, [and] breaks analysis tools/functionalities since several do not support unicode characters” the researchers said.
While Google may have taken the applications off the Play Store, that does not remove them from smartphones automatically.
If any user has these apps still on their device, it is recommended to uninstall them:
Yoroko Camera
Solu Camera
Lite Beauty Camera
Beauty Collage Lite
Beauty & Filters Camera
Photo Collage & Beauty Camera
Beauty Camera Selfie Filter
Gaty Beauty Camera
Pand Selife Beauty Camera
Catoon Photo Editor & Selfie Beauty Camera
Benbu Selife Beauty Camera
Pinut Selife Beauty Camera & Photo Editor
Mood Photo Editor & Selife Beauty Camera
Rose Photo Editor & Selfie Beauty Camera
Selife Beauty Camera & Photo Editor
Fog Selife Beauty Camera
First Selife Beauty Camera & Photo Editor
Vanu Selife Beauty Camera
Sun Pro Beauty Camera
Funny Sweet Beauty Camera
Little Bee Beauty Camera
Beauty Camera & Photo Editor Pro
Grass Beauty Camera
Ele Beauty Camera
Flower Beauty Camera
Best Selfie Beauty Camera
Orange Camera
Sunny Beauty Camera
Landy Selfie Beauty Camera
Nut Selfie Camera
Rose Photo Editor & Selfie Beauty Camera
Art Beauty Camera-2019
Elegant Beauty Cam-2019
Selfie Beauty Camera & Funny Filters
Selfie Beauty Camera Pro
Pro Selfie Beauty Camera
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies