Symantec has discovered an app on Google Play that steals photos and videos from the popular social media app Viber. Beaver Gang Counter masquerades as a score keeping app for a popular card game but secretly searches for media files related to the Viber app and sends them to a remote server.
It’s easy to imagine who the personal photos and videos stolen by this malware could be used by online criminals for the purposes of blackmail, stalking, fraud, identity theft or just good old-fashioned voyeurism.
Interestingly, it seems that Beaver Gang Counter waited for instructions from a remote command and control (C&C) server before scooping up personal photos and videos. This functionality appears to have helped the malware waltz past the Google Play store’s vetting process.
Malware on the Android platform is a growing problem, but it’s even worse when it makes its way into the official Android app store.
Symantec says that Google has now removed the offending app and developer from Google Play, but one wonders how long it will be before someone else attempts something similar.