Google Play Store’s popular beauty camera app, with 4 million users stealing personal photos

Ubuntu security patch

Google Play Store flooding the several malicious beauty camera apps that steal sensitive images and apps from Android users, more than 4 million Android users has already downloaded the malicious app.

These apps initially do not indicate malicious activities until infected users delete the app and the maximum number of downloads is from Asia.

These apps are hard to uninstall because they hide their icon from the application list, making it difficult to drag and uninstall the app from the homepage.

For example, one of the Google Play Store’s malicious app named pops up pornography content ads when infected users unlock the screen. Researchers found a paid online pornography player (detected as AndroidOS PornPlayer.UHRXA) that was downloaded when you clicked the pop-up.

29 apps claimed to be camera or photo editing related to the top three, “Pro Camera Beauty, “” Cartoon Art Photo, “and “Emoji Camera, “each with more than 1 million downloads, while others such as “Artistic Effect Filter, “” Selfie Camera Pro, “and “Horizon Beauty Camera “had more than 100,000 downloads.

Malicious Android Apps Infection Process Malicious ads are not indicative of anything and it is very difficult for users to determine where it originates and who is behind these ads.


Some malicious Android apps redirect users to Phishing websites where users trick and disclose their personal information, such as addresses and telephone numbers.

Malicious beauty camera apps For example, one of the apps you can see in the image above indicates that it forces users to click OK, which leads to one of the malicious websites claiming that the user earns the cash price and requests personal information.

According to Trend micro, “Further research has led to another batch of filter-related photo apps that share similar behavior on Google Play. These apps appear to enable users to “beautify “their images by uploading them to the server.”

Malicious beauty camera apps Users finally get the picture with a fake update prompt in nine different languages instead of the edited photo result and the attackers collect the uploaded picture for malicious purposes.

All the malicious apps reported to Google have been removed from Google Play, but those malicious apps are still affected by downloaded users. Since many of these malicious apps make the most of their legitimacy, users should always investigate the legitimacy of an app. One good way to do that is to check reviews from other users, said Trend Micro.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.