Android adware has been in the spotlight within the last couple of months.
Back in August, there was “Triout,” which could not only record phone calls but also export phone interactions from a device. Before then, another piece of adware, dubbed Agent Smith, infected over 25 million Android phones.
Now there’s a new threat to Android devices.
Security researchers at the Slovak internet security company ESET recently found 42 apps in Google Play that contain adware. According to the researchers, Android users have downloaded these infected apps over 8 million times since they first debuted in July 2018.
Since the apps look like any other app, they are challenging to detect. That means you may have downloaded one already.
So how does an adware-infected app affect Android devices?
How the Adware Works in the Background
As said earlier, these apps look like any other app on Google Play. So, it’s not surprising that users would download them.
However, the apps start serving full-screen ads a few moments after installation. Furthermore, these ads pop up at semi-random intervals, said the researchers.
Why can’t users simply uninstall the adware, you ask?
For one, the apps often delete their shortcut icon after installation, making them difficult to remove. Also, adware-infected apps usually mimic the function of regular apps like Gmail and Twitter to distract users from their actual purpose, which also includes collecting user data.
According to the researchers, the apps work stealthily to collect and send data about users’ devices to the attackers.
For example, the adware could check if you installed some specific apps, and if your device allows apps from non-app store sources. Then, the adware uses this information to install more malicious content on a device.
In a statement to the press, one of ESET’s security researchers, Lukas Stefanko, said:
“The adware functionality is the same in all the apps we analyzed.”
Again, you have to ask:
How Did the Adware-Infected Apps Evade Google Play’s Security Mechanism?
Well, according to the researchers, the apps checked whether an infected device was connected to Google’s servers, and this allowed them to avoid detection. For example, the adware payload would lie dormant when the apps detected Google Play’s security mechanism.
Some of these apps include Video Downloader Master, with over five million downloads already. Then, there’s Tank Classic, Ringtone Maker Pro, and SaveInsta, which each had 500,000 downloads.
The ESET team believes that college students from Vietnam may be responsible for the adware campaign.
Although Google has removed the infected apps, the security researchers warn that many similar ones exist in third-party app stores.