There is an app on Google Play that can secretly steal photos and videos.
The app, named HTML Source Code Viewer and created by Sunuba Gaming, requests permissions to access the device’s external storage, said researchers at Symantec.
Before it ended up flagged as malicious and removed by Google from the app store, at least 1,000 and possibly up to 5,000 users downloaded it.
It targets all versions of Android after and including Gingerbread.
The researchers discovered that the app “posts files stored on the device in /DCIM/Camera/ and /DCIM/100LGDSC” (standard photo and video storage locations) to a web server hosted on proqnoz.info.”
“A look on this server revealed a wealth of personal media files dating as far back as March, 2015,” researchers said in a blog post. The collected media files could, at one point in the future, end up used “for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization.”