Android users should uninstall these 36 fraudulent beauty apps, researchers warn

A fraudulent app was published to the Play Store every 11 days, and removed by Google every 17 days, study claims

Adam Smith
Tuesday 16 June 2020 09:43 BST

Google has removed 36 applications from the Play Store after they were found to be responsible for unwanted adverts and taking users to malicious websites.

The apps would also remove their icons from the smartphone’s home screen and apps folder, making it harder for the user to uninstall them.

Researchers from WhiteOps found fraudulent code in a number of beauty camera applications, with names such as “Yoroko Camera,” “Beauty Collage Lite,” and “Rose Photo Editor & Selfie Beauty Camera”.

Many of these apps can be identified by a large number of installations in a short space of time, and a large number of 5-star and 1-star ratings, resulting in a “U-shaped distribution.”
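The two signals described above, written as an added example (not WhiteOps' or Google's code). The thresholds, the `AppStats` fields and the sample figures are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Thresholds are illustrative assumptions, not values from the researchers.
MIN_RATINGS = 200         # too few ratings says nothing about the shape
EXTREME_SHARE = 0.80      # combined share of 1-star and 5-star ratings
MIN_TAIL_SHARE = 0.15     # each extreme must be substantial on its own
INSTALLS_PER_DAY = 5_000  # "large number of installations in a short time"


@dataclass
class AppStats:
    name: str
    installs: int
    days_listed: int
    ratings: tuple  # counts of 1-star .. 5-star ratings, in that order


def is_u_shaped(ratings):
    """True when both extremes are heavy and every middle bucket is thinner."""
    total = sum(ratings)
    if total < MIN_RATINGS:
        return False
    one, five = ratings[0] / total, ratings[4] / total
    middle_peak = max(ratings[1:4]) / total
    return (one + five >= EXTREME_SHARE
            and min(one, five) >= MIN_TAIL_SHARE
            and middle_peak < min(one, five))


def flag(app):
    """Return the heuristics an app trips; an empty list means no flag."""
    reasons = []
    if is_u_shaped(app.ratings):
        reasons.append("u-shaped-ratings")
    if app.installs / max(app.days_listed, 1) >= INSTALLS_PER_DAY:
        reasons.append("rapid-installs")
    return reasons


# Constructed sample data, not real Play Store figures.
SAMPLES = [
    AppStats("constructed-camera-a", 600_000, 40, (900, 60, 50, 90, 1900)),
    AppStats("constructed-notes-b", 600_000, 900, (50, 80, 300, 900, 1700)),
    AppStats("constructed-new-c", 300, 10, (5, 0, 0, 0, 6)),
]

if __name__ == "__main__":
    for app in SAMPLES:
        print(app.name, flag(app) or "ok")
```

Requiring a minimum share at each extreme keeps an ordinary well-liked app, with mostly 5-star ratings and few 1-star ones, from being flagged.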

Altogether, these apps were downloaded more than 20 million times, 565,833 per app on average.

A new app was published to the Play Store every 11 days, and removed by Google every 17 days, the researchers said.

“By September 2019, the threat actor had already had 21 apps removed (almost all of the apps they had published to that point), so they adapted their tactics. The fraudster likely developed a more robust mechanism to avoid detection and removal,” WhiteOps said.

“A batch of 15 apps, all published after September 2019, had a much slower removal rate using those new techniques.”

The group behind the apps attempted to change the code in their apps to avoid detection, possibly in order to pinpoint the criteria Google uses for removing apps from the Play Store.

However, it could be that the actors simply wanted to keep the app on the store for later use.

When the fraudulent code is reactivated, millions of users would immediately become targets.

These hackers used a number of tactics to hide their fraudulent activities, including using several ‘packers’ in the apps.

A ‘packer’ disguises files inside an app so that analysis tools cannot read them, making it harder for the Play Store to discover malicious activity.

They also used Arabic characters from the Quran to obfuscate the code, which “substantially reduces readability for people not familiar with Arabic, confuses researchers as to where bad actors are based, [and] breaks analysis tools/functionalities since several do not support unicode characters,” the researchers said.

While Google may have taken the applications off the Play Store, that does not remove them from smartphones automatically.

If any user has these apps still on their device, it is recommended to uninstall them:

  • Yoroko Camera
  • Solu Camera
  • Lite Beauty Camera
  • Beauty Collage Lite
  • Beauty & Filters Camera
  • Photo Collage & Beauty Camera
  • Beauty Camera Selfie Filter
  • Gaty Beauty Camera
  • Pand Selife Beauty Camera
  • Catoon Photo Editor & Selfie Beauty Camera
  • Benbu Selife Beauty Camera
  • Pinut Selife Beauty Camera & Photo Editor
  • Mood Photo Editor & Selife Beauty Camera
  • Rose Photo Editor & Selfie Beauty Camera
  • Selife Beauty Camera & Photo Editor
  • Fog Selife Beauty Camera
  • First Selife Beauty Camera & Photo Editor
  • Vanu Selife Beauty Camera
  • Sun Pro Beauty Camera
  • Funny Sweet Beauty Camera
  • Little Bee Beauty Camera
  • Beauty Camera & Photo Editor Pro
  • Grass Beauty Camera
  • Ele Beauty Camera
  • Flower Beauty Camera
  • Best Selfie Beauty Camera
  • Orange Camera
  • Sunny Beauty Camera
  • Landy Selfie Beauty Camera
  • Nut Selfie Camera
  • Rose Photo Editor & Selfie Beauty Camera
  • Art Beauty Camera-2019
  • Elegant Beauty Cam-2019
  • Selfie Beauty Camera & Funny Filters
  • Selfie Beauty Camera Pro
  • Pro Selfie Beauty Camera
