Saturday, March 8, 2025
HomeAdwareSelfie Camera apps with 1.5M+ Downloads Push Ads, Brick the Devices

Selfie Camera apps with 1.5M+ Downloads Push Ads, Brick the Devices

Published on

SIEM as a Service

Follow Us on Google News

Everyone wants to have a perfect selfie to share with friends or to post online, selfie filter camera apps are the one used to get perfect pictures.

Researchers from Wandera identified two malicious selfie adware apps that push intrusive ads to disrupt the user workflow. These apps enable its authors to make money from the affected devices by pushing ads.

These apps interrupt users workflow, capable of bricking their devices, drain out batters and it may also lead to device replacement. They found to have advanced functionality than the average adware apps.

Malicious App and Functionality

Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera are the two apps observed with malicious functionality. They found downloaded 1.5M from the google play.

Once these apps installed on the device initially it shows in the app drawer, if they are opened then they create a shortcut and hides.

If the shortcut removed, it stays active and continues to run in the background, the following are the app behaviors.

Testing on SunPro Beauty Camera showed that even if the app is never opened and even after restarting the device, full-screen ads start to pop up that are difficult to close.

Testing on Funny Sweet Beauty Camera showed that the full-screen ads begin to appear outside of the app only when a filtered photo is downloaded via the app, locally on the device.

Both the apps having several negative reviews, as the app focuses on data-stealing instead of what it is intended for.

Selfie Camera apps

The malicious apps are packed with Ijiami packers, that used to prevent others from copying the source code. when compared to other packers Ijiami, goes a step further in replacing the original dex file, which makes unpacking process difficult.

Notable Permissions

Both the apps seek additional permission’s to stay stealthy and active

Sun Pro Beauty Camera permissions

RECORD_AUDIO – Allows the app to record audio at any time without user confirmation 033
INSTALL_SHORTCUT – Allows one part of the “stealthy” behavior
SYSTEM_ALERT_WINDOW – System alert window can allow the app to overlay some information and trick the user into clicking something he did not want

Funny Sweet Beauty Camera permissions

RECORD_AUDIO – Allows the app to record audio with the microphone. This permission allows the app to record audio at any time without your confirmation.
RECEIVE_BOOT_COMPLETED – Allows the app to activate after the phone is booted
SYSTEM_ALERT_WINDOW – Allows the app to display content over another app

Here you can find the best Adblocker Tool to get rid of annoying ads on your device, by employing an adblocker you can stay safe from abusive ads.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

10 Best Penetration Testing Companies in 2025

Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations...

Lumma Stealer Using Fake Google Meet & Windows Update Sites to Launch “Click Fix” Style Attack

Cybersecurity researchers continue to track sophisticated "Click Fix" style distribution campaigns that deliver the...

Fake BianLian Ransom Demands Sent via Physical Letters to U.S. Firms

In a novel and concerning development, multiple U.S. organizations have reported receiving suspicious physical...

Strela Stealer Malware Attack Microsoft Outlook Users for Credential Theft

The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

10 Best Penetration Testing Companies in 2025

Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations...

Lumma Stealer Using Fake Google Meet & Windows Update Sites to Launch “Click Fix” Style Attack

Cybersecurity researchers continue to track sophisticated "Click Fix" style distribution campaigns that deliver the...

Fake BianLian Ransom Demands Sent via Physical Letters to U.S. Firms

In a novel and concerning development, multiple U.S. organizations have reported receiving suspicious physical...