With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money for its makers.
The now-removed 85 apps in question disguised as games, streaming TV, and remote control simulator apps in the Google Play store and had collectively been installed by nine million users all over the world.
Researchers from cyber security company Trend Micro spotted these apps which has the ability to bombard user devices with full-screen advertisements at regular intervals or when users unlock their device by monitoring their screen unlocking functionality.
The apps can display ads even when you are not browsing the internet, hide themselves and run in the background on infected devices.
The most popular fake app in the list was Easy Universal TV Remote, which was downloaded more than 5 million times before it was removed, had a solid 4-star rating from over 100,000 users with review section being populated with complaints from users.
Other apps included Police Chase Extreme City 3D Game, Prado Parking City 3D Game, Moto Racing, Parking Game, TV WORLD, SPORT TV, A/C Air Conditioner Remote, Garage Door Remote Control and many more.
Trend Micro researchers tested each app and discovered that though the apps came from different developers and had different APK cert public keys, most shared the same or similar code and often were similarly named.
"Upon closing the first ad, call to action buttons such as 'start,' 'open app,' or 'next,' as well as a banner ad will appear on the mobile device's screen. Tapping on the call to action button brings up another full-screen ad," the researchers said in a blog post.
"After the user exits the full-screen ad, more buttons that provide app-related options for users appear on the screen. It also prompts the user to give the app a five-star rating on Google Play. If the user clicks on any of the buttons, a full-screen ad will pop up again."Even after a few seconds, the app disappears from the user's screen and hides its icon on the user's device, but still runs in the background. The hidden adware apps then show a full-screen ad every 15 or 30 minutes on the user's device.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Trend Micro researchers reported their findings to Google, who promptly removed them from its Play store after verifying the report. However, those users who have already installed one such app on their mobile handsets can remove it manually, but it's not as easy as it sounds.
"While the fake apps can be removed manually via the phone's app uninstall feature, it can be difficult to get there when full-screen ads show up every 15 or 30 minutes or each time a user unlocks the device's screen," Trend Micro noted.While adware is becoming more aggressive a sophisticated these days, the risk is a bit higher on Android operating system than other platforms because of the extra permissions apps enjoy.
Although Google has stepped up its efforts to remove potentially harmful apps from its Play Store in the past years and added more stringent malware checks for new apps, Adware app eventually finds its way into its mobile app marketplace to target millions of Android users.
The easiest way to prevent yourself from falling victim to such attacks in the future is to always beware of fishy applications, even when downloading them from official Play Store and try to stick to the trusted brands only.
Moreover, always look at the app reviews left by other users who have downloaded the app, and also verify app permissions before installing any app and grant only those permissions that are relevant for the app's purpose.
Last but not the least, you are strongly advised to always keep a good antivirus app on your Android device that can detect and block such malicious activities before they can infect your device, and keep your device and apps up-to-date.