Google pulls 85 adware apps downloaded nine million times from Google Play
- 09 January, 2019 07:57
Google has removed 85 Android apps from Google Play that were found to be a front for running adware on devices they were installed on.
All 85 apps carried the same adware family and were posing as legitimate game, TV, and remote control simulator apps. In total, the 85 apps were downloaded 9 million times from Google Play before researchers at Trend Micro alerted Google to the issue.
A single app, called Easy Universal TV Remote, was responsible for over half of the nine million downloads, exceeding five million. It may have attracted such a high number of downloads because of its 3.9 out of five star user review rating. However several one star reviews between November 21, 2018 and January 1, 2019 show users were not happy with their experience, according to a Google cache of the app's Play Store page.
A review on December states: “I downloaded this app, opened it and tried to setup and it vanished into thin air.”
Another review on November 21 notes that the app “disappeared from my phone, but appeared to be installed. My guess is it continued to run ads hidden in the background. Pure scam.”
The January 1 review says the app just “locked down”. “I don’t know if it was because I did not rate it or that I clicked on the settings but it shows up nowhere on my phone,” the user wrote.
Trend Micro's analysis found that’s more or less how the 85 apps operated. After opening one of the apps, users are prompted to press buttons in the app like “start" or “next”, during which time ads are displayed on the device.
Tapping the buttons leads to a full screen ad, and then efforts to exit the ad lead to more bogus buttons, including a prompt for the user to give the app a five star rating on Google Play. After that, more ads and then the user is told the app is loading, but it never does and then vanishes from the home screen.
“However, after a few seconds, the app disappears from the user’s screen and hides its icon on the device. The fake app still runs in a device’s background after hiding itself. Though hidden, the adware is configured to show a full-screen ad every 15 or 30 minutes on the user’s device,” writes Trend Micro’s Ecular Xu.
Some of the apps also monitor for screen unlock events and then shows an ad at the point it is unlocked. Trend Micro has posted a list of all 85 apps.
The security firm recently also found a bunch of spyware apps on Google Play from where users from 196 countries had downloaded them over 100,000 times. The malware in the seemingly harmless apps is capable of stealing user location data, SMS conversations, call logs and clipboard items. It also presented phishing pages for Google and Facebook mobile login pages.