Application Security , Endpoint Security , Internet of Things Security

Apps Infected With Adware Found on Google Play Store

Avast: Most of These Apps, Which Had 8 Million Downloads, Have Been Removed
Apps Infected With Adware Found on Google Play Store
(Photo: Bram Koster via Flickr/CC)

Some 21 malicious Android apps containing intrusive adware were discovered on the Google Play Store, but most have now been removed, according to a new report from the security firm Avast.

See Also: Gartner Insights: Uncover, Investigate, and Respond to Endpoint Threats with EPPs

These fraudulent mobile applications, disguised as Android gaming apps, had been downloaded more than 8 million times since they were made available in the store, according to the report, which cites statistics from SensorTower, a mobile intelligence firm.

The malicious apps contain malware called the HiddenAds Trojan, an intrusive form of adware that displays advertising and collects user data. The goal of such apps is to generate revenue by redirecting users to advertisements, according to a report published in March by McAfee.

The operators behind the malicious apps used social media platforms to help promote them, Jakub Vávra, a threat analyst at Avast, notes in the report.

"This time, users reported they were targeted with ads promoting the games on YouTube," Vavra says. "In September, we saw adware spread via TikTok. The popularity of these social networks makes them an attractive advertising platform, also for cybercriminals, to target a younger audience."

The Avast researchers informed Google about the apps that they found in the Play Store, and as of Tuesday all but three had been removed. A spokesperson for Google did not immediately reply to a request for comment.

HiddenAds Adware

The malicious Android apps, which appeared to be benign gaming apps, served up ads to the user once they were installed.

One way these apps raised suspicions is that they asked the user for excessive permissions once installed. For example, they asked to access a device's camera, storage and other files, according to the report.

List of 21 apps recently found in the Google Play store that contained adware (Source: Avast)

The apps could prove difficult for users to delete, the report notes. "They frequently hid their icons, so they couldn't be deleted, and hid behind relevant-looking advertisements, making them hard to identify.”

This type of adware typically connects with a command-and-control server and delivers unwanted advertising to a user's Android device at certain intervals, generating income on ad views for the fraudsters, according to the previous report from security firm ESET (see: 42 Phony Google Play Apps Delivered Adware: Report).

Mobile App Security

While Google has developed policies and tools to keep these types of malicious apps off the Play Store, fraudsters continue to find ways around the protections.

In September, for example, security firms Zscaler and Zimperium found dozens of Trojanized apps in the Google Play Store as well as third-party app stores (see: Fresh Joker Malware Variant Targeting Android Users).

In September, Avast also discovered seven malicious apps tainted with adware in the Google Play Store and Apple App Store. These apps had more than 2.4 million downloads and earned the fraudsters up to $500,000.

About the Author

Chinmay Rautmare

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News, as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produced multimedia content and daily market shows. Rautmare is a keen follower of geo-political news and defense technology in his free time.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.