Symantec Discovery Leads to Malicious App That Steals Viber Photos and Videos

Researchers at Symantec have recently discovered a malicious app that can steal photos and videos from the popular instant messaging and VoIP app Viber. The malicious app, Beaver Gang Counter, which was available on Google Play, positions itself as a score-keeping app for a card game. Instead of helping you keep score, it secretly searches for the directories that Viber uses to store images and video files, which it then sends to a remote server.

This type of data could reveal host of personally identifiable information (PII). It is said that a photo is worth a thousand words, and in this case, these photos may be able to tell attackers information such as where and when the photo was taken. Not to mention any personally identifiable information that may be shown or said in these images. Whatever information is gleaned from the photos and videos can be used for criminal purposes, such as identity theft, blackmail, fraud, or pornography.

It was also found that the malicious app is using what is called time-delayed attacks in order to evade security measures. This means that the program does not engage in malicious activity right from the start, which is likely what allowed it to bypass Google’s security precautions and sneak onto the Google Play Store. Symantec alerted Google to this issue and the company has removed the app and its developer from the Google Play Store.

Figure 1. The Beaver Gang Counter app steals Viber media files

Symantec suspects that Viber was targeted because it is an extremely popular social media app with over 500 million installs on Google Play alone.

How to protect yourself from this threat:

• Always keep your software up to date. Updating software fixes vulnerabilities that malware can sneak through.
• Only download apps from trusted sources, such as official App stores like Google Play and iTunes.
• Pay close attention to the permissions that apps request. If something doesn’t seem right, deny the permission and uninstall the app.
• Install a suitable mobile security app, such as Norton, which detects this threat as Android.Vibleaker.
• Make frequent backups of important and valuable data.