Dozens of Android adware apps disguised as photo-editing apps and games have been caught serving ads that would take over users’ screens as part of a fraudulent money-making scheme.
Security firm Trend Micro said it found 85 individual apps downloaded more than eight million times from Google Play — all of which have since been removed from the app store.
More often than not adware apps will run on a user’s device and will silently serve and click ads in the background and without the user’s knowledge to generate ad revenue. But these apps were particularly brazen and sneaky, one of the researchers said.
“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”
The researchers discovered that the apps would keep a record when they were installed and sit dormant for around half-an-hour. After the delay, the app would hide its icon and create a shortcut on the user’s home screen, the security firm said. That, they say, helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the “uninstall” section of the screen.
“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”
When the app unlocked, it displayed ads on the user’s home screen. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.
Worse, the ads can be remotely configured by the fraudster, allowing ads to be displayed more frequently than the default five minute intervals.
Trend Micro provided a list of the apps — including Super Selfie Camera, Cos Camera, Pop Camera and One Stroke Line Puzzle — all of which had a million downloads each.
Users about to install the apps had a dead giveaway: most of the apps had appalling reviews, many of which had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.
Google does not typically comment on app removals beyond acknowledging their removal from Google Play.
- New Android adware found in 200 apps on Google Play
- Sennheiser’s flawed headphone software opened PCs and Macs to HTTPS site spoofing
- Millions of Android users tricked into downloading dozens of adware apps from Google Play
- Scranos, a new rootkit malware, steals passwords and pushes YouTube clicks
- A top-tier app in Apple’s Mac App Store stole your browser history
- Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’