Google has removed several malicious Android applications disguised as the popular Prisma app. They all contained malware and were downloaded over 1.5 million times, putting countless users in danger.
is one of today’s most popular mobile apps, allowing users to apply Instagram-like filters on top of their photos and transforming them into a painted work of art.
The app initially debuted for iOS devices only, and an Android version was, a few weeks back.
Crooks swamped Play Store with malicious, fake Prisma apps
Because of the Prisma’s huge following on iOS, crooks took advantage of the hype and uploaded multiple clones of this application on the Google Play Store, before its creators officially released the app.
it detected several of these clones, some of them with no functionality at all, but containing malicious behavior.
The vast majority of these contained adware that showed popups and surveys, but there were cases where researchers discovered more dangerous malware.
Dangerous trojan found inside one app
ESET claims it found a modular trojan that was capable of downloading smaller components with more intrusive behavior. The fake Prisma app was collecting information on users, such as phone number, operator name, country name, language and so on.
After this, the trojan embedded within would request and download a phishing module that showed an interstitial on top of the user’s screen, asking them for their Google credentials in order to upgrade to Android 6.0.
ESET explains this particular fake Prisma app has been downloaded at least 10,000 times, with as many users potentially affected.
This is not the first time that the hype surrounding a mobile app has attracted droves of crooks trying to trick users into installing cloned apps or cheat modules. In fact, this is how the Android and iOS malware landscape manages to stay alive.
Something similar has happened with games like Pokemon GO, GTA 5, Dubsmash, Subway Surfers or the MSQRD face-altering app.