Malicious fake Prisma apps 'downloaded 1.5 million times from Google Play'
Fake versions of Prisma were downloaded more than 1.5 million times in the run-up to the photo app’s Android release.
Experts from ESET said the Google Play store was “flooded” with malicious imitators trying to take advantage of the excitement around the app’s release on July 24th.
Most had no photo editing functions, instead luring users to supply their personal information, take on expensive subscriptions or download malware to their devices.
The malicious apps were removed from the app store by Google when it was alerted to their presence, but only after they had reached more than 1.5 million downloads.
The most dangerous of the fake apps were Trojan downloaders, which would send device information to their control servers and download and execute additional software.
These additional modules were then seen stealing sensitive information such as phone numbers, operator names, countries and languages – although other modules may have different functions.
Another module examined by ESET displayed a fake prompt to download Android 6.0 and presented users with a fake login form asking for their Google credentials.
The researchers said the Trojan downloaders pose “a serious risk” to more than 10,000 users who downloaded them before they were removed from the store.
“Trying to download a popular app before its official release is a really bad idea as the chances of downloading a genuine app are slim while the risk of downloading a malicious copycat is large,” wrote malware researcher Lukas Stefanko on the ESET blog.
“This is true, even from Google Play, with all of the tech giant’s security mechanisms behind it. For users it’s difficult to determine whether a given app is genuine or not. Bad guys often use very similar icons, app names, subscriptions and even screenshots to confuse users.”
He advised users to download apps only from reputable sources, check user reviews for negative comments, check the requested permissions and use a mobile security solution.