Google Play Apps With Over 4.3 Million Downloads Stole Pics, Pushed Porn Ads
Saturday February 2, 2019. 02:30 AM , from Slashdot
Trend Micro researchers discovered another batch of apps that falsely promised to allow users to 'beautify' their pictures by uploading them to a designated server. Instead of delivering an edited photo, however, the server provided a picture with a fake update prompt in nine different languages. The apps made it possible for the developers to collect the uploaded photos, possibly for use in fake profile pics or for other malicious purposes. The developers took pains to prevent users from detecting what was happening. 'The remote server used by these apps is encoded with BASE64 twice in the code,' Wu wrote. 'In addition, several of these apps can also hide themselves via the same hidden technique mentioned above.'
Read more of this story at Slashdot.
Feb, Sat 16 - 19:27 CET