Fake versions of the Prisma application for Android threaten as many as 1.5 million users with unwanted advertisements and data theft.

Prisma is a mobile application that allows users to alter their photographs in a style that mimics that of the world's most famous artists, including Van Gogh, Picasso, and others. It leverages "a unique combination of neural networks and artificial intelligence" to help users transform their pictures into works of art.

Prisma Labs released the app to Apple users in June 2016. Within a week of its release, the app received 7.5 million downloads on the App Store. Such popularity caused a surge in anticipation around Prisma's Android release date on 24 July, 2016, prompting many users to look for early releases of the app on the Google Play Store.

Malicious developers couldn't resist. They created their own fake Prisma applications and began peddling them to Android users.

Many of the fake Prisma applications were after either users' money or their personal information.

As researchers at the Slovakian security firm ESET explain in a blog post:

"Most of the fake Prisma apps found on Google Play didn’t have any photo editing functionality; instead they only displayed ads or fake surveys, luring the user into providing their personal information or subscribing to bogus (and costly) SMS services. Some actually had very basic photo editing functionality but mainly served the user a stream of pop-up ads or displayed scareware activity to persuade the user their device was infected with malware."

Scareware Screen

However, some of the apps had more nefarious goals in mind. Those apps contained the trojan downloader Android/TrojanDownloader.Agent.GY, which secretly loaded malicious software onto users' devices. The trojans then set about collecting users' information, including their phone number, operator name, country name, language, etc.

ESET detected five trojans in total. Two of them used phishing tactics to trick victims into entering their Google account credentials into a fake login form in order to receive an upgrade to Android 6.0.

Phishing Attempts

As many as 1.5 million users downloaded those and other fake Prisma apps. According to ESET's researchers, they did so against their better judgment:

"Trying to download a popular app before its official release is a really bad idea as the chances of downloading a genuine app is slim while the risk of downloading a malicious copycat is large. This is true, even from Google Play, with all of the tech giant’s security mechanisms behind it. For users it’s difficult to determine whether a given app is genuine or not. Bad guys often use very similar icons, app names, subscriptions and even screenshots to confuse users."

Users sometimes wait weeks or even months until an anticipated app like Prisma or Pokémon Go comes out. But given the consequences of downloading a fake app, it's well worth it for users to be patient.
