Prisma, the app that became a global sensation with its ability to turn your photos into works of art, has become a honeypot for cybercriminals, with fake versions appearing in app stores vying to steal your personal information.
Capitalising on the popularity of the transformation app several, fake versions loaded with sly tricks such as fake surveys to capture users' data, as well as dangerous Trojan downloaders, snuck onto the Google Play Store.
According to a blog by ESET, who discovered these fake apps among the five Trojan downloaders on Google Play, two have phishing functionality implemented that could probably be executed via the downloaded module. Displaying a fake request to update the device's operating system to Android 6.0, the user is lured into entering their Google account credentials into a fake log-in form. The photo app was first released on iOS with a highly-anticipated Android version arriving later – this proved to be the perfect setup for fraudsters to flood the Google Play Store with fake versions before the official release in the hope of catching out a few gullible users. Sadly, they succeeded, and the copycat apps were downloaded over 1.5 million times.
A blog by ESET researcher Lukas Stefankot claimed most of the fake apps did not even offer a photo-editing feature, instead they "only displayed fake surveys luring the user into providing their personal information or subscribing to bogus [and costly] SMS services" while others only "served the user a stream of pop-up ads".
The security researchers at ESET notified Google's team and managed to pull the rogue apps down from the store. This isn't the first or last time speculators will try to fool us into giving away our personal details. It can be easy for users to fall into the trap as malicious actors will do their best to fool people with convincing logos and app icons but ESET offers some advice for staying safe when downloading apps:
How to safely download an app
- Follow the most basic rules for "Android application hygiene":
- Download from reputable sources only
- Check user reviews and focus on negative comments (keep in mind that positive ones may be fabricated)
- Read the app's terms and conditions, focus on permissions
- Use a quality mobile security solution
- When there is hype around your desired app, then also consider the following additional advice:
- Probably, you will face copycats along with the original app so be more careful than usual
- Thoroughly check the app's name and the developer's name – they must fit exactly, not only resemble what you expect
