Safety researchers have discovered dozens of Android apps in the Google Play store serving ads to innocent victims as part of a money-making plan.
ESET researchers saw 42 apps carrying adware, which they say have been downloaded more than 8 million times after they first debuted in July 2018.
How Does Adware Work?
These apps seem ordinary but work sneakily.
Once an inexperienced user installs an adware-infected app, the app will toil full-screen ads on the device’s display at semi-random breaks.
Usually, the apps will delete their shortcut icon, causing it harder to remove.
Some adware-infected apps will also imitate Facebook and Google’s apps to evade suspicion.
More likely as a way to withdraw from the actual ad-serving app and hold the app on the device for long as possible.
In the past, the apps were also giving back data about the user’s device, including if some apps are installed and if the device enables apps from non-app store sources. This could be utilized to install more malicious software on a device.
Lukas Stefanko, one of ESET’s security researchers, said that the adware functionality is alike in all the apps that they analyzed.
The researchers also noticed that the apps would stop to see if an attacked device was joined to Google’s servers in an attempt to prevent detection.
If the apps believe they are being examined by Google Play’s security mechanisms, which keep the app store free from malicious apps, the adware payload will not be triggered.
Which Apps Contain Adware?
Some of the apps include Video Downloader Master, which got five million downloads.
Additionally, Ringtone Maker Pro, SaveInsta and Tank Classic are considered to be part of this group too, which have had 500,000 downloads respectively.
The researchers state a Vietnamese college sophomore may be behind the adware campaign.
Google excluded all of the offending apps, but the researchers cautioned that several were still accessible from third-party app stores.
A spokesperson verified all of the apps had been eliminated, but the search and mobile giant does not usually comment beyond confirming their removal.
For more updates and the latest tech news, keep reading iTMunch.