Android App Stole User Photos for Over a Year

A malicious Android application that was posing as a development tool was stealing users’ media files for over a year, researchers at Symantec warn.

The offending software was being distributed via Google Play, the official app storefront for Android, where it was posing as a development tool called “HTML Source Code Viewer,” published by Sunuba Gaming. The application had between 1,000 and 5,000 downloads when researchers discovered its nefarious activities.

Instead of offering development capabilities to unsuspecting users, the program was grabbing photos and videos from the compromised devices and was sending them to a remote server, Symantec researchers discovered.

To ensure that it could perform its malicious activities unhindered, the program requested a series of permissions that should have tipped users off to its hidden agenda. These include the ability to open network connections, access to information about networks, the permission to read from external storage, and the permission to write to external storage.
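The permission mismatch described above can be checked mechanically during app vetting. The following is an added example, not code from Symantec or from the article: it audits a decoded AndroidManifest.xml, and the sample manifest, the package name and the "expected" permission set for a source viewer are constructed assumptions.

```python
"""Flag a decoded AndroidManifest.xml whose permissions exceed the app's stated purpose."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
NETWORK = P + "INTERNET"
STORAGE = {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"}

# Constructed sample: the four permissions the article lists, in a made-up package.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sourceviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Viewer"/>
</manifest>"""

# Assumption: what a page-source viewer plausibly needs for its advertised job.
EXPECTED_FOR_SOURCE_VIEWER = {P + "INTERNET", P + "ACCESS_NETWORK_STATE"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def audit(manifest_xml, expected):
    """Compare requested permissions with what the app's stated purpose needs."""
    perms = requested_permissions(manifest_xml)
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        # Either storage permission counts: on the Android versions of that
        # era, declaring WRITE_EXTERNAL_STORAGE implicitly granted READ.
        "can_upload_shared_media": NETWORK in perms and bool(perms & STORAGE),
        "unexpected": sorted(perms - set(expected)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, EXPECTED_FOR_SOURCE_VIEWER))
```

A non-empty `unexpected` list together with `can_upload_shared_media` is a triage signal for manual review, not proof of malicious behavior.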

This is the second media-stealing app that was found in Google Play over the course of a month, after a piece of software called Beaver Gang Counter was found in late June to be engaging in similar behavior. That application, however, was targeting photos and videos from the popular social media app Viber.

The newly discovered malicious program, on the other hand, is targeting all of the user’s personal photos and videos by searching for the files stored in the “/DCIM/Camera” and “/DCIM/100LGDSC/” folders, which are the standard locations for this type of content. All of these files were then uploaded to a web server hosted on, researchers say.

What’s more worrying than the fact that the server contains a great deal of personal photos and videos stolen from victims is that some of these files are dated as far back as March 2015. “This personal media could be used for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization,” Symantec’s Shaun Aimoto explains.

The security researchers also discovered that the attacker’s server is hosted in Azerbaijan and that the malicious application is targeting Gingerbread and newer versions of Android. Google was informed of the nefarious activities the HTML Source Code Viewer application was engaged in and has removed it from Google Play.
