Caution is warranted when installing apps, even from the Google Play store.
A good rule to follow is to ask yourself whether the app being installed is asking for more permissions than it needs to function. For a wallpaper app, the list of permissions should be rather short.
It was recently brought to our attention that a wallpaper app on the Google Play store requested an extra permission that didn't fit: GET_ACCOUNTS, which allows access to the list of accounts.
This wallpaper app was doing a bit more than just displaying pictures on the device’s background.
The app goes by the name Sexy Girls Wallpaper Gallery, with the package name com.sexywallpapers.wallpaper.sexy. Once the GET_ACCOUNTS permission is accepted, it uses the getAccountsByType() function to gather account information for Google, Facebook, and Twitter.
The stolen account information is then sent to a remote server. This is all triggered when the app is opened.
It uses the value email for Google/email account info, emailf for Facebook account info, and emailt for Twitter account info when sending to the remote server.
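The permission rule from the top of this post can be automated. The following is an added example, not code from the original report: it reads the permissions out of a decoded AndroidManifest.xml and flags anything outside a baseline for the app's category. The baseline set, the sensitive set and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a wallpaper app (illustrative, not from the report).
WALLPAPER_BASELINE = {
    "android.permission.SET_WALLPAPER",
    "android.permission.SET_WALLPAPER_HINTS",
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
}

# Permissions exposing identity or personal data; review these first.
SENSITIVE = {
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed sample manifest in decoded text form, modelled on the app above.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.sexywallpapers.wallpaper.sexy">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <application android:label="Wallpaper"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return (package name, set of permission names) from a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return root.get("package"), names

def audit(manifest_xml, baseline=WALLPAPER_BASELINE):
    """Report permissions beyond the category baseline, sensitive ones separately."""
    package, requested = requested_permissions(manifest_xml)
    extra = requested - baseline
    return {"package": package, "unexpected": sorted(extra),
            "sensitive_unexpected": sorted(extra & SENSITIVE)}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```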
Read the entire report at Malwarebytes.