Android Apps Pushing Adware Discovered on Google Play Store Adding to Malicious App Frenzy

June 8, 2018

android adware apps show google play storeAnother portion of apps infected with dangerous malware threats has been detected on Google Play Store this month. Cyber-security company Avast reports about 26 new malicious Android applications, some of which contain adware that forces ads on compromised devices. In addition to the unwanted advertisements that the apps push on users, the applications also implemented a special behavior feature to make the infection harder to remove.

To avoid immediate detection and removal from the official Google Play Store, the hackers have used different developer names, whereby the malicious apps have also been published in many different categories with the intention to confuse the researchers and to prevent them from recognizing all infected apps at once. Respectively, the attackers masked the aggressive adware tools as various types of supposedly useful applications like currency converters, fitness helpers, weather forecasters, or cryptocurrency-related programs.

The first signal for users that they have downloaded a compromised app on their device is that the malicious apps remove their icon from the home screen right after installation. This way, the attackers achieve on the one side that the apps are more difficult to remove; on the other side, it becomes thus harder for users to find out which app exactly is pushing the annoying ads.

Ads constantly popping up on the home and even lock screen is the malware's behavior that is recognizable for the user, however, the infected apps undertake many other actions in the background without the user's knowledge and consent. They can collect information from the device, like the unique identifier, running Android OS and app package name, and subsequently send the gathered data to a remote server. In some cases, the researchers from Avast have even found out that the malicious apps have been waiting for links from a second remote server, most likely with the purpose of installing additional malware threats on the compromised devices.

Avast also says that, based on the analysis of the data the apps have sent back to the attacker's server, the collected information has not been used to spy on the users. Rather, the hackers intended to make sure that the affected device has the right configuration to receive the payloads properly, and that the ads would be displayed correctly.

So far, it is known that the detected apps have been downloaded several thousand times and that some of them have been awarded fake 5-star reviews to make them look safe for users. Google has by now removed all detected apps from the Play Store, however, users who have already downloaded the malicious tools and wish to uninstall them can do this only from the Store since they cannot find the corresponding icon on their home screens.

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 2 + 3 ?