Symantec researchers have unearthed another app on Google Play that secretly steals photos and videos from victims’ mobile devices.
But the curious thing is that it’s not an app that would attract a massive number of random users, but a very specific subset: web and app developers.
The app, named HTML Source Code Viewer and created by Sunuba Gaming, requests, among other things, permissions to access the device’s external storage.
Before being flagged as malicious and removed by Google from the app store, it was downloaded by at least 1,000 and possibly up to 5,000 users.
It targets all versions of Android after and including Gingerbread.
The researchers discovered that the app “posts files stored on the device in /DCIM/Camera/ and /DCIM/100LGDSC” (standard photo and video storage locations) to a web server hosted on proqnoz.info.”
“A look on this server revealed a wealth of personal media files dating as far back as March, 2015,” they noted, and posited that the collected media files could, at one point in the future, be used “for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization.”
As per usual, users are advised to be careful when downloading apps, even from official, well-protected app stores like Google Play. A critical look at the permissions they ask is supremely important.