A number of phony apps, masquerading as the popular photo-editing app Prisma, have been removed from the Google Play Store, but not before 1.5 million users downloaded fake Android versions, according to We Live Security.
The app was initially released in June 2016 by Russia-based Prisma Labs to Apple users and proved a popular and well regarded photo transformation app. It was downloaded more than 7.5 million times in its first week on the market. However, prior to the release of an Android version last month, fake Prisma apps began flooding the Google Play Store.
ESET offered the following basic rules for “Android application hygiene”:
ESET researchers detected several phony Prisma apps. Among these were a number of potent trojan downloaders. Upon notification from the security firm, Google removed these from its Android store. But not before Prisma knockoffs were downloaded more than 1.5 million times.
The majority of the fake versions didn't have any actual photo-editing functions. Instead they displayed ads or fake surveys to dupe users into offering up their personal information or signing up for phony and costly SMS services. Some displayed scareware activity to frighten users into believing their device was infected with malware.
However, the most potent iterations of the fake Prisma apps were trojan downloaders, identified by ESET as Android/TrojanDownloader.Agent.GY, which hid their presence from view while contacting command-and-control servers which could then download further modules, execute and siphon out user data.
"Trying to download a popular app before its official release is a really bad idea as the chances of downloading a genuine app is slim while the risk of downloading a malicious copycat is large," ESET warned.