Android app found in Google Play store stole users' photos, videos

Development tool removed from Android app store for targeting users’ media files

Html source editor

Researchers have discovered an app in the Google Play Store that steals users' photos and videos.

Symantec's Shaun Aimoto explains that the app "HTML Source Code Viewer", developed by Sunuba Gaming, poses as a development tool.

In actuality, the app sends files stored in an Android phone's standard image and video locations to "proqnoz.info," a web server hosted in Azerbaijan.

Attackers could use people's stolen media for all kinds of nefarious purposes. As Aimoto notes in a blog post:

"A look on this server revealed a wealth of personal media files dating as far back as March, 2015. This personal media could be used for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization."

1

This is not the first media-stealing app Symantec has discovered. In June, the computer security firm detected "Beaver Gang Counter," which masqueraded as an entertainment app while it stole all media files related to the Viber app and sent them to a remote server.

HTML Source Code Viewer had at most 5,000 downloads before Symantec notified Google's security teams, who swiftly took down the app from the Google Play Store.

Like most file stealers, the app had a series of questionable permissions given its alleged purpose, including the ability to open network connections and to read from/write to external storage.

With that in mind, users should carefully review the permissions of any and all apps they download onto their devices, including those that are available on Google Play. If the permissions seem inconsistent with the app's advertised function, they should avoid installing the app altogether and notify Google's security teams.

Users should also update their software, back up their important data, install a security solution onto their devices, and download apps only from trusted developers on the Google Play Store.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. David L

    August 2, 2016 at 3:31 pm #

    Ever since jellybean, I have made it a habit to limit apps with advertising. Currently I only have one, TuneIn, and use a blocking app while using the other. After use, I shut it down completely. Any app with ad SDKs also has internet permissions by default, as well as every permission the main app has. I have paid for apps that come from well established developers, and have found some amazing free apps with virtually no permissions. Although that's no guarantee of innocence, I do more outside research on them all before downloading. But, reviews in playstore are a must read.

Leave a Reply