Emerging Threats
Discovery leads to malicious app that steals Viber photos and videos

Written by a NortonLifeLock employee
Researchers at Symantec have recently discovered a malicious app that can steal photos and videos from the popular instant messaging and VoIP app Viber. The malicious app, Beaver Gang Counter, which was available on Google Play, positions itself as a score-keeping app for a card game. Instead of helping you keep score, it secretly searches for the directories that Viber uses to store images and video files, which it then sends to a remote server.


Don’t wait until a threat strikes.
Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.
Enjoy peace of mind on every device you use with Norton Security Premium.
No Credit Card Required

This type of data could reveal host of personally identifiable information (PII). It is said that a photo is worth a thousand words, and in this case, these photos may be able to tell attackers information such as where and when the photo was taken. Not to mention any personally identifiable information that may be shown or said in these images. Whatever information is gleaned from the photos and videos can be used for criminal purposes, such as identity theft, blackmail, fraud, or pornography.
It was also found that the malicious app is using what is called time-delayed attacks in order to evade security measures. This means that the program does not engage in malicious activity right from the start, which is likely what allowed it to bypass Google’s security precautions and sneak onto the Google Play Store. Symantec alerted Google to this issue and the company has removed the app and its developer from the Google Play Store.
Symantec suspects that Viber was targeted because it is an extremely popular social media app with over 500 million installs on Google Play alone.
How to protect yourself from this threat:
- Always keep your software up to date. Updating software fixes vulnerabilities that malware can sneak through.
- Only download apps from trusted sources, such as official App stores like Google Play and iTunes.
- Pay close attention to the permissions that apps request. If something doesn’t seem right, deny the permission and uninstall the app.
- Install a suitable mobile security app, such as Norton, which detects this threat as Android.Vibleaker.
- Make frequent backups of important and valuable data.


Today’s attacks are multi-pronged. That’s why you need a layered approach to security.
Norton software blocks web-based attacks at the network level, before they ever reach your PC.
Now you can help protect against malware with Norton AntiVirus Basic.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.