Apps Infected With Adware Found on Google Play StoreAvast: Most of These Apps, Which Had 8 Million Downloads, Have Been Removed
Some 21 malicious Android apps containing intrusive adware were discovered on the Google Play Store, but most have now been removed, according to a new report from the security firm Avast.
These fraudulent mobile applications, disguised as Android gaming apps, had been downloaded more than 8 million times since they were made available in the store, according to the report, which cites statistics from SensorTower, a mobile intelligence firm.
The malicious apps contain malware called the HiddenAds Trojan, an intrusive form of adware that displays advertising and collects user data. The goal of such apps is to generate revenue by redirecting users to advertisements, according to a report published in March by McAfee.
The operators behind the malicious apps used social media platforms to help promote them, Jakub Vávra, a threat analyst at Avast, notes in the report.
"This time, users reported they were targeted with ads promoting the games on YouTube," Vavra says. "In September, we saw adware spread via TikTok. The popularity of these social networks makes them an attractive advertising platform, also for cybercriminals, to target a younger audience."
The Avast researchers informed Google about the apps that they found in the Play Store, and as of Tuesday all but three had been removed. A spokesperson for Google did not immediately reply to a request for comment.
The malicious Android apps, which appeared to be benign gaming apps, served up ads to the user once they were installed.
One way these apps raised suspicions is that they asked the user for excessive permissions once installed. For example, they asked to access a device's camera, storage and other files, according to the report.
The apps could prove difficult for users to delete, the report notes. "They frequently hid their icons, so they couldn't be deleted, and hid behind relevant-looking advertisements, making them hard to identify.”
This type of adware typically connects with a command-and-control server and delivers unwanted advertising to a user's Android device at certain intervals, generating income on ad views for the fraudsters, according to the previous report from security firm ESET (see: 42 Phony Google Play Apps Delivered Adware: Report).
Mobile App Security
While Google has developed policies and tools to keep these types of malicious apps off the Play Store, fraudsters continue to find ways around the protections.
In September, for example, security firms Zscaler and Zimperium found dozens of Trojanized apps in the Google Play Store as well as third-party app stores (see: Fresh Joker Malware Variant Targeting Android Users).
In September, Avast also discovered seven malicious apps tainted with adware in the Google Play Store and Apple App Store. These apps had more than 2.4 million downloads and earned the fraudsters up to $500,000.