8 million Android users tricked into downloading 85 adware apps from Google Play
More often than not adware apps will run on a user’s device and will silently serve and click ads in the background and without the user’s knowledge to generate ad revenue. But these apps were particularly brazen and sneaky, one of the researchers said.
“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”
The researchers discovered that the apps would keep a record when they were installed and sit dormant for around half-an-hour. After the delay, the app would hide its icon and create a shortcut on the user’s home screen, the security firm said. That, they say, helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the ‘uninstall’ section of the screen.
“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”
When the app unlocked, it displayed ads on the user’s home screen. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.
Worse, the ads can be remotely configured by the fraudster, allowing ads to be displayed more frequently than the default five minute intervals.
Trend Micro provided a list of the apps including Super Selfie Camera, Cos Camera, Pop Camera, and One Stroke Line Puzzle all of which had a million downloads each.
Users about to install the apps had a dead giveaway: most of the apps had appalling reviews, many of which had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.
Google does not typically comment on app removals beyond acknowledging their removal from Google Play.