Profile Pics and How Trends Can Bite You
A new app generating eye-catching illustrated profile pics spiked in popularity at the beginning of May. The app, NewProfilePic, uses the user’s photo to create an eye-catching avatar that is part sketch and part cartoon. It originated in Moscow and according to some cybersecurity experts, it’s sending users’ personal information back to Russia.
This is similar to another trending app from 2020, FaceApp. The app would use photos provided by the user to show them what they would look like much older. Since the app originated in Russia and was being used by some high-profile people, the FBI investigated. According to a Forbes article, “[t]here is no solid evidence that FaceApp gives people’s data to the Russian government. However, the FBI said in its response to Schumer’s letter that the risk stems from the fact that Moscow can access communications directly via internet service providers.”
How does this impact you?
This NewProfilePic app looks legitimate and functions as expected. It’s hard to determine how risky this is. Similar to the FaceApp from 2020, the impact varies for everyday users. The real concern is that such an innocuous app is storing data that it doesn’t need. These apps request data such as your email address, phone number, social media logins (if used to share the profile image), etc alongside high-resolution images of your face.
Like many apps from Russia and China, if the government is scraping the data retrieved, they likely aren’t looking for the personal information of regular people. But that doesn’t mean that them having access to it might not impact you. Much of the breached data we see in InstantAlly comes from malware originating in Russia.
What to do next?
Have you recently downloaded the app NewProfilePic? It’s important to review the permissions that ALL new apps request. If it isn’t this trending app, it may be the next. Hackers, fraudsters, and malicious actors in foreign governments know how to get people’s information. Be careful what apps you put on your phone and regularly uninstall ones that you no longer use. Check your InstantAlly account to see if you’ve been impacted by other Russian malware.