ESET researchers discovered fake versions of Prisma, a popular photo transformation app on the Google Play Store. Among them were also dangerous Trojan Downloaders.
Before the release of the Android version of Prisma, a popular photo transformation app, fake Prisma apps of different types, including several dangerous Trojan Downloaders, flooded the Google Play Store. Before being removed at ESET’s notice, Prisma copycats reached over 1.5 million downloads.
Prisma is a unique photo editor created by Prisma Labs, Inc. After it achieved excellent ratings among users on iTunes, where it was first released, Android users were eager for it. Before the official release date, however, fake versions appeared on the store, riding the wave of user impatience.
“Most of the fake Prisma apps found on Google Play didn’t have any photo editing functionality; instead they only displayed ads, warnings or fake surveys, luring the user into providing their personal information or subscribing to bogus and costly SMS services,” comments Lukáš Štefanko, ESET Malware Researcher. ESET Mobile Security detects these apps as Android/FakeApp and protects the users from them.
The most dangerous fake Prisma apps found on Google Play before the genuine Prisma app release were the Trojan Downloaders detected by ESET as Android/TrojanDownloader.Agent.GY. They would send device information to the C&C server, and on request, download additional modules and execute them.
Because of their download capabilities, the Android/TrojanDownloader.Agent.GY family of malware poses a serious risk to the more than 10,000 Android users who installed these dangerous apps before they were pulled from the Google Play store.
“It was clear that the Prisma app would be eagerly awaited by Android folks, given its popularity on the iOS platform. Such situations often attract bad guys who put out fake apps – either copycats or various derivatives, from tutorials to cheats – on Google Play to ride the wave of excitement,” warns Lukáš Štefanko.
Recommendation by ESET experts
Follow the most basic rules for “Android application hygiene”:
– Download from reputable sources only
– Check user reviews and focus on negative comments (keep in mind that positive ones may be fabricated)
– Read the app’s terms and conditions, focus on permissions
– Use a quality mobile security solution
When there is hype around the app you want, also consider the following additional advice:
– You will probably discover copycats along with the original app, so be more careful than usual
– Thoroughly check the app’s name and the developer’s name – they must fit exactly, not only resemble what you’d expect
A detailed blog on the findings is available here: http://www.welivesecurity.com/2016/08/03/fake-prisma-apps-found-google-play/