The Prisma app has become a global phenomenon thanks to its ability to make works of art out of your photos, but its success has caught the eye of cybercriminals.
Prisma uses machine-learning algorithms to place filters over your photos and turn them into works of art inspired by a number of world-renowned artists. Millions of users downloaded the app when it came out on iOS, and millions more joined the party when the Android version was released recently.
Trojan downloaders threaten gullible users
This success meant that the developer’s servers struggled to deal with the workload, such was the hype around the app. All of the buzz around Prisma became big news, and now it looks like cybercriminals have tried to cash in on the success of the app.
Fake versions of Prisma have been found on app stores, with the software attempting to steal your personal information. They use tricks like fake surveys in order to collect user data, and feature Trojan downloaders that have been slipped into the Google Play Store.
ESET wrote a blog on the fake apps after discovering the apps among five Trojan downloaders on the Google Play Store. Of the five, two have phishing software built-in that could possibly be run after the software was downloaded. The app pulls up a fake request to update to Android 6.0 in order to entice the user into entering their Google user details.
Late Android release benefits cybercriminals
The fact that Prisma was released on iOS before Android played into the cybercriminals’ hands. The staggered release meant that hackers could make fake Prisma apps for Android before the official release, hoping to catch some overeager users out. It might seem like an unlikely ploy, but the apps were in fact downloaded more than 1.5 million times.
ESET researcher Lukas Stefankot wrote in his blog that most of the fake Prisma apps did not even include a photo-editing feature. Stefankot says that they “only displayed fake surveys luring the user into providing their personal information or subscribing to bogus [and costly] SMS services” while others only “served the user a stream of pop-up ads.”
The ESET team got in touch with Google and the fake apps were taken down from the app store, but the episode is one of a long-running series of problems. Cybercriminals previously tried to trick users into giving away personal details after downloading WhatsApp Gold, a premium version of the popular messaging app.
Fake apps an ongoing problem
Other cases were seen involving fake Pokemon Go apps, while GTA 5 fans were lured by a fake app that was released before the official version. Several popular apps like My Talking Angela, Dubsmash and Subway Surfers saw porn clickers released before the real app.
Many of the fake apps can look quite convincing, using official logos and icons. However it is important to check and check again before downloading an app, especially one that hasn’t officially been released yet. Check out ESET for more information on staying safe online.
The team have a number of basic rules designed to keep your Android device safe. The first is to download from reputable sources while checking reviews from previous users. Look into the permissions that are included in the terms and conditions of the app, and make sure that you have decent security software installed on your device.
Stay safe online
Should the app that you want to download be subject to more excitement than usual, it pays to be extra careful. These hyped apps are more likely to be targeted by cybercriminals.
Make sure that you check the name of the app and the developer. These should be exactly as you expect, rather than a close resemblance.
In an age of real concern over online security and privacy, it is a wonder that so many people are still fooled into giving away their personal details to shady characters. However excited you may be about the arrival of an app, it is highly unlikely that it will be released on an app store ahead of the official release date.
As with many things on the internet, it is important to be wary rather than naive. Every time you download an app, check the permissions that it asks for and the name of the developer. If it sounds too good to be true, it probably is.
After all it’s not worth handing over your personal details to cybercriminals for the chance to add filters to your photos.