The “Sexy Girls Wallpaper Gallery” app that was previously available in the Google Play store did in fact offer background photos of women, but it also asked for a permission that granted it access to information from popular accounts, according to Malwarebytes.
“With the permission GET_ACCOUNTS accepted, it then uses the getAccountsByType() function to gather account information from Google, Facebook, and Twitter,” Nathan Collier, senior malware intelligence analyst at Malwarebytes Labs, wrote in a Thursday post.
Ultimately, the developers get usernames and a Google email account, which could be used for spam, Collier told SCMagazine.com in a Monday email correspondence. He wrote in the post that the information is sent to a remote server as soon as the app is opened.
“The remote server is registered to Amsterdam, Netherlands and has bad reputation,” Collier said, explaining Malwarebytes has no information on the developers. Collier added that he does not have any regional information regarding who downloaded the app or who is being targeted, but he noted that the app is written in English.
The app is no longer available from the Google Play store, Collier said, but he wrote in the post that the app had been installed between 50,000 and 100,000 times. Aside from accessing accounts, the app functioned as advertised, he added.
“The App does actually provide wallpapers to the users, which makes it even more dangerous since users might not suspect an app of being malicious if it does what it advertises,” Adam Kujawa, head of malware intelligence at Malwarebytes Lab, told SCMagazine.com in a Monday email correspondence. “Users are more likely to think something is suspicious or dangerous if it does nothing.”
Collier advises users to always check the permissions of an app before installing it, as well as to read the reviews.