You take a lot of photos with your Android device

You're probably constantly on the lookout for a better way to organize them and access them.  That's exactly what the authors of the malicious app called "The Album, by Google Photos" are hoping for.

The app put in a brief appearance on the Microsoft store, where it claimed to be from Google but it's clearly not.  Unfortunately, the authors have gone to great lengths to make it appear legitimate, and as such, it has been downloaded and installed an alarming number of times.

Don't run this app

When this app is installed and run for the first time, users are presented with a (legitimate) Google sign-in page.  It is not known whether the authors of the app siphon user login credentials from this page, but it's certainly possible. So if you have installed the app but haven't run it yet, don't log in.

Once you're logged in, the app will connect to a malicious URL and download a configuration file.  Using the information contained in the config file, it will begin running in the background, displaying ads invisibly and then clicking on them, earning revenue for the app's creators and slowing your Android device to a crawl in the process.

Note that the authors were careful, but only to a point.  Although the ads themselves are invisible, if those ads have an audio component, the user will hear the sounds associated with the ad, although of course, they won't have any clear indication of where the sounds are coming from.  This is, in fact, how researchers became aware of the malicious nature of the app.

Our perspective

If you've downloaded this app, please uninstall it immediately.  Doing so will improve your device's performance and stop those sounds that have no apparent source from troubling you further.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business