Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Android App Stole User Photos for Over a Year

A malicious Android application that was posing as a development tool was stealing users’ media files for over a year, researchers at Symantec warn.

A malicious Android application that was posing as a development tool was stealing users’ media files for over a year, researchers at Symantec warn.

The offending software was being distributed via Google Play, the official app storefront for Android, where it was posing as a development tool called “HTML Source Code Viewer,” published by Sunuba Gaming. The application had between 1,000 and 5,000 downloads when researchers discovered its nefarious activities.

Instead of offering development capabilities to unsuspecting users, the program was grabbing photos and videos from the compromised devices and was sending them to a remote server, Symantec researchers discovered.

To ensure that it could perform its malicious activities unhindered, the program requested a series of permissions that should have tipped users off on its hidden agenda. These include the ability to open network connections, access to information about networks, the permission to read from external storage, and the permission to write to external storage.

This is the second media-stealing app that was found in Google Play over the course of a month, after a piece of software called Beaver Gang Counter was found in late June to be engaging into similar behavior. That application, however, was targeting photos and videos from the popular social media app Viber.

The newly discovered malicious program, on the other hand, is targeting all of user’s personal photos and videos by searching for the files stored in  “/DCIM/Camera” and “/DCIM/100LGDSC/” folders, which are the standard locations for this type of content. All of these files were then uploaded to a web server hosted on proqnoz.info, researchers say.

What’s more worrying than the fact that the server contains a great deal of personal photos and videos stolen from victims is that some of these files are dated as far back as March, 2015. “This personal media could be used for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization,” Symantec’s Shaun Aimoto explains.

The security researchers also discovered that the attacker’s server is hosted in Azerbaijan and that the malicious application is targeting Gingerbread and newer versions of Android. Google was informed on the nefarious activities the HTML Source Code Viewer application was engaged into and has removed it from Google Play.

Related: Android Malware Gang Makes $10,000 a Day: Report

Related: Information-Collecting Android Keyboard Tops 50 Million Installs

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.