Urgent warning to delete two dangerous apps that STEAL all your private photos and blackmail you for money
TWO dangerous apps have been banned for stealing the private photos of those who install it, allowing hackers to later blackmail victims.
While the platforms have since been removed from the Google Play and Apple App Store, cybersecurity researchers have warned that TikTok clone apps may also be enacting the same attack.
4
4
4
Our smartphone camera rolls usually contain thousands of photos and screenshots – some of which could be used against you, cybersecurity researchers at Kaspersky have warned.
This could be anything from bank statements, card details, photo ID and security code screenshots, to cheeky photos you’d rather keep private.
The apps are thought to be embedded with a new strain of SparkCat malware – a form of malicious software, which Kaspersky discovered in January.
The software, which appears to be targeting iPhone and Android devices, uses a special optical character recognition (OCR) tool to give hackers eyes inside your phone.
Hackers are mostly using the malware to steal cryptocurrency wallet recovery phrases from images saved on infected devices.
But, as Bleeping Computer noted, the stolen data could also be used for other malicious purposes, like extortion, if the images contain sensitive content.
Table of Contents
Dangerous apps
The platforms used to spread the malware are currency app 币coin on the Apple App Store and instant messenger SOEX on Google Play.
SOEX, which also has some cryptocurrency exchange features, has been downloaded over 10,000 times via Android’s official app store, according to Bleeping Computer.
It’s unclear how many people have installed 币coin.
Once downloaded, the 币coin iOS app immediately requests access to the photo gallery, while SOEX on Android requests the storage permissions to access images.
It is important to always check what you are agreeing to when apps request permission to access the data on your device.
If users grant the iOS app permission, the malware silently monitors the gallery for changes and steals any new images.
On Android, the malware snatches images straight from the photo gallery, along with device identifiers and metadata, and hands them straight to hackers.
Some versions of the malware, titled SparkKitty, only hunt for screenshots and images containing text – suggesting they are on the prowl for passwords and security codes.
But there remains the risk of sextortion over nude images, or other forms of blackmail.
If you have downloaded one of the infected apps, then it’s important to delete it immediately.
Read more on the Scottish Sun
While the dangerous apps managed to evade Apple and Google’s security measures to register on their app stores, it is still important to download apps only through these official channels.
The photo-stealing malware, according to researchers, is running even more rampant on unofficial channels in the forms of TikTok clones, adult-themed games as well as gambling and casino apps.
How to spot a dodgy app
Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
- Research the developer – do they have a good reputation? Or, are totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple’s App Store and the Google Play Store.
4
Click Here For More Tech News
