A gaming app named Beaver Gang Counter, uploaded and available on the Google Play Store, contained malicious code that stole Viber photos and videos stored on the user’s smartphone.
Beaver Gang Counter is an app that helps users keep score for popular card games. According to Symantec security researchers, the app contained malicious code that after specific orders from its maker would scan the user’s phone for the Viber app, and then steal photos and videos recorded or sent through the app.
Android.Vibleaker uses time-delayed attacks
The malicious behavior didn’t show right away, but only manifested long after installation. Symantec says the app’s malicious code contained a pinging feature that would ask the crooks’ C&C server for permission to check, collect, and exfiltrate the desired files.
This behavior didn’t manifest in a short time after installation, which allowed the app to bypass Google’s app review process.
With over 500 million installations, Viber is a popular instant messaging mobile network through which users exchange text, image, and video content.
Crooks were scraping this app’s multimedia folders for content, which they could use to commit fraud, identity theft, blackmail, or to gather pornographic material.
The malicious app, now detected by Symantec as, reminds us of the Celebgate (The Fappening) incident when a hacker broke into the iCloud accounts of many celebrities and stole nude photos that he later posted online.
Users should still install apps only from official app stores
Symantec says it informed Google of Beaver Gang Counter’s behavior, and that the search giant removed the app from its Play Store.
Many times, security researchers warn users not to install apps from non-official app stores, but sometimes, incidents like these happen, when crooks manage to bypass Google or Apple’s security checks.
Before Beaver Gang Counter, security firm Lookout also discovered a similar app namedthat rooted Android devices and installed unwanted apps.