Beijing Daily client news on July 7th, if you randomly install a financial lending app in the software market, when you log in to register, this software may have silently opened the camera to take your avatar information and steal it All kinds of private information such as your short messages and call logs. The 360 ​​Security Brain has recently detected that in financial mobile software, there is a group of software with stealthy camera behaviors, in the name of providing loan services, stealing and collecting private information silently, privacy security is like a thin ice.

Monitoring data shows that as of mid-June this year, a total of credit bags, flowers for you, chanting flowers, ten thousand loans, Huayi loans, today’s wallets and fish were found Nine softwares such as jump staging, fish rice staging, pistachios, etc. These software “stolen” means are slightly different from the past. In addition to illegally collecting sensitive user communication data, they will also try to silently photograph and upload user facial images.

Technical staff introduced that this kind of software uses the open source no preview camera tool AndroidHiddenCamera to silently take pictures. After the user opens the login interface, this tool will open “illegal” “Road”, first detect the mobile phone model, then call the front or rear camera according to the model, and finally take a silent photo without prompting sound and flash, easily avoiding user perception. Cunningly, if it is detected that the user is using a specific type of mobile phone with a lifting camera, the software will also avoid collecting facial images, so as to prevent the camera from rising to make the user aware and achieve the purpose of candid photography.

In addition, after the user logs in successfully, he must complete multiple authentications before borrowing. With this authentication link, this type of software takes the opportunity to collect user SMS, call records and installation Software list, and send these personal sensitive information to the designated server together with the ID photo uploaded during authentication.

360 claims that, after tracing the source of the security brain, it is determined according to the domain name of the privacy backhaul server of some of the software in this type of software. The target unit for illegally collecting user privacy is Hunan New Salary Times Credit Services Co., Ltd. According to the company’s official website business and official introduction, it is mainly engaged in overseas financial APP development. In addition to 9 softwares with silent camera behaviors such as “Give You Flowers”, “Credit Bags”, and “Baobai Flowers”, there are also 5 softwares that illegally collect user privacy for the company. These softwares are also loan software. Although the silent camera function is not used, there is also a privacy collection behavior that the user does not perceive.

Security experts remind users to carefully grant privacy permissions and permit privacy statements, download APPs from trusted application markets as much as possible, install and promptlyUpdate anti-virus software.

(Originally titled: “Stealing Privacy Means and then “Upgrading”, 9 APPs Accused of Silent Photographing”)