The Google Play Store is the most popular and important app distribution platform on Android and its official nature makes threat actors publish innocent-looking apps which get downloaded a hundred thousand to a million times to unsuspecting users. The adware-infected apps posed as gaming, camera and photo editing apps.
This recent revelation was made by security firm Trend Micro who found that the apps were taking part in ad fraud delivering adware. This malpractice costs business up to $10 million in losses as of last year.
“It isn’t your run-of-the-mill adware family”
– Ecular Xu, a mobile threat response engineer at Trend Micro
According to Trend Micro, the apps not only display ads that are difficult to close bt also use unique techniques to dodge detection through user behaviour and time-based triggers.
30 minutes after downloading, the apps would hide their icons and create a shortcut on the homescreen. This makes it hard for them to be uninstalled by dragging and dropping the icon to the Uninstall section
The adware-infected apps used Java reflection to bypass detection as it allows for the runtime of an app to be inspected and modified.
The app starts displaying full-screen ads once the app was launched.
The apps are annoying as the only time you can close them is when you’ve watched the entire ad.
Fraudsters can also remotely configure how often the ads are shown on devices that have adware-laden apps. The ads could be displayed more times more than the usual five-minute interval.
Trend Micro alerted Google and the tech giant removed the 85 apps that had been downloaded over a million times each.
The apps include
- Editing apps: Video Cut, Blur Master, Quick Blur, Background Eraser, Background Changer,
- Camera apps: Super Camera, Seals Camera, Connect Smash, Stylish Camera, Super Camera, 361 camera, Cherry Camera, Mirth Cam, Easy Camera, Perfect Camera, Fashion Camera, Face Camera, QR Code Scanner, Panda Camera, Magic Camera, Meet Camera, Fancy Camera, Selfie Dog,
- Gaming apps: Jelly Crush, one-line draw puzzle stroke, Find Differences, Toy Blast, Color House, Checkers Box, One Touch Draw, One Stroke Drawing, Draw 1 line, Tiy Smash
You can see the full list of the apps here including their package names.
Most of the apps had really bad reviews on the Play Store which should have been huge red flags for users before downloading them.
What to do to protect yourself
- Use these tips to protect yourself from downloading malicious apps from the Play Store or the sideloaded apps.
- This checklist will help you make sure that your device’s security in top shape and keep off malware