ITBusiness.ca

Adware-laced apps infect 9 million Google Play Store users

In the latest round of bad-app hunting, cybersecurity company Trend Micro has sniffed out 85 apps in the Google Play Store that are adware in disguise.

The report states that the 85 malicious apps – disguised as games and tools – serve ads to the unsuspecting users who install them. In total, the apps have been downloaded over nine million times.

The attack vector is also diverse: these apps can hide and run in the background on infected machines. Some can also monitor and alter device behaviour.

Some apps stand out due to their high download count. The fake app “Easy Universal Remote” garnered over five million downloads before it was removed. Before its suspension, it had a score of 3.9, and its review section was populated with complaints from users. The complaints ranged from the app not functioning as intended to hiding ads in the background.

Source: Trend Micro

After examining the behaviour of the 85 fake apps, Trend Micro concluded that they’re of the same family despite originating from different makers. They exhibit similar behaviours and often share the same code.

Many of the apps follow a strict formula. They first trick the user into pressing fake call-to-action buttons that launch full-screen ads, then hide themselves and their app icons, which prevents the user from shutting them down and makes uninstalling difficult. The hidden apps then deliver a full-screen ad every 15-30 minutes.

An example of the fullscreen ads. Source: Trend Micro

Some other fake apps detect when the user unlocks the screen and serve an ad immediately after, increasing the ad's chances of engaging the user.

After the report was released, Google removed all 85 apps from its Play Store.

A good way to avoid falling victim to similar attacks in the future is to always read user reviews in the comment section. Also, research the publisher and only download from established developers. In addition, telltale signs of a bad app include unpolished user interfaces, typos, and obscure names.
