Cybersecurity Researchers Find Several Google Play Store Apps Stealing Users Data
A group of cybersecurity researchers have reportedly identified numerous apps available on the Google Play Store as of May 2022 that contain built-in adware, information stealing malware, and other malicious devices. On some of the apps, spyware has been secretly installed and is capable of stealing information from other app notifications in order to capture two-factor authentication passwords and conduct account takeovers. The majority of the apps have since been removed by the Play Store after being notified, however, three remain.
One of these apps is PIP Pic Camera Photo Editor, an app with malicious software installed that has over one million downloads. According to security researchers, the app steals individuals’ Facebook credentials to perform account takeover. Other apps in the list published by Dr. Web include Magnifier Flashlight and Wild & Exotic Animal Wallpaper, the latter of which recently changed its name to SIM Took Kit. The apps have 10,000 and 500,000 downloads respectively. Other apps that are listed on the forum have since been removed from the Play Store. Users should be aware of the legitimacy of the applications and verify their origins before downloading to avoid potentially harmful software.