Phony Prisma Applications Affecting Android Owners Removed from Google Play Store

Google has removed several fake applications pretending to be 'Prisma', the widely used photo editing application on Android devices from its Google Play Store after 1.5m end-users took down the phony Android versions, reports We Live Security.

During June this year (2016), when Prisma Labs based in Russia first released the application for Apple users, the photo transformation application gained high popularity so much so that Apple users downloaded it over 7.5m times within no more than a week from the online market. But, before a new Android version was released in July, 2016 fake Prisma applications started inundating Google's Play Store.

ESET states its security researchers spotted many of these fake Prisma apps, a few having no functionality whatsoever, instead they showed malicious activities. A maximum of these fake apps contained adware which displayed either dubious surveys for users to answer or popup messages of false alerts. However, there were instances when security researchers detected far greater dangerous malware. Softpedia.com posted this dated August 3, 2016.

There was no real photo editing utility of the vast number of the phony apps rather they exhibited false surveys or advertisements that would fool users to the extent of making them provide their personal data alternatively registering for fake SMS services that cost highly. Downloading the fake Prisma potentially affected as many users as possible. Thereafter, a Trojan virus implanted into the app requested and pulled down one phishing module which displayed certain interstitial on the upper margin of users' device-screens that directed that they should provide their sensitive credentials for Google so as for upgrading their Android to version 6.0.

The Trojan downloaders that ESET detected to be Android/TrojanDownloader.Agent.GY kept themselves away from users' view when they interacted with their command-and-control (C&C) servers that subsequently were able to pull down more modules and execute them for extracting users' information.

There have been many instances previously when a highly publicized mobile application drew the attention of crooks who attempted at getting people to install copycat applications alternatively deceptive components. Indeed, malware for iOS and Android manages for remaining active in this manner.

» SPAMfighter News - 8/9/2016