UPDATED 13:29 EST / AUGUST 16 2019

Trend Micro exposes 85 adware apps on Google Play with 8M+ downloads

Google LLC has built security mechanisms into Google Play to keep malicious Android apps out, but occasionally cybercriminals find a way to jump the moat.

Researchers from antivirus maker Trend Micro Inc. today revealed that they’ve discovered a family of 85 adware-laced applications on the marketplace. The apps, which Google removed after being notified by the company, had been downloaded more than 8 million times by Android users.

Mobile adware always follows the same modus operandi. Cybercriminals bundle intrusive ad components into seemingly innocuous apps, such as games, and display promotions on the user’s device to generate fraudulent advertising revenue. The adware apps exposed by Trend Micro use several creative methods to maximize the illicit earnings they generate off unsuspecting consumers.

To start, the apps actively take steps to evade detection. They start a timer right after being installed on a user’s device and stay dormant for 30 minutes. This helps conceal the adware from mobile antiviruses, which automatically quarantine software that starts displaying unusual activity soon after being downloaded.

“Every time the user unlocks the device, the adware will perform several checks …. with these, the adware-embedded app can determine if it has been installed on the device long enough,” Trend Micro mobile threat response engineer Ecular Xu wrote in a blog post. “To evade detection, the app uses Java reflection — which enables the runtime behaviors of an application to be inspected or modified — and encodes the API strings in base64.”
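A static check that targets the evasion Xu describes, base64-encoded API names resolved through reflection, can be sketched as follows. This is an added example, not code from Trend Micro's report or from the apps themselves; the decompiled snippet, the regular expressions and the function names are assumptions made for illustration.

```python
import base64
import binascii
import re

# Double-quoted string literals of 8+ base64-alphabet characters.
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{8,}={0,2})"')
# Reflection entry points; without one, encoded names are not reported.
REFLECTION_CALL = re.compile(
    r'(?:Class\.forName|getMethod|getDeclaredMethod|\.invoke)\s*\(')
# Decoded text shaped like a dotted class name or a lowerCamel method name.
JAVA_NAME = re.compile(
    r'^(?:[a-z_]\w*\.)+[A-Za-z_]\w*$|^[a-z]+(?:[A-Z][a-z0-9]*)+$')


def decode_identifier(literal):
    """Return decoded text if `literal` is base64 for a Java-style name, else None."""
    if len(literal) % 4:
        return None
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if JAVA_NAME.match(text) else None


def scan_source(source):
    """Return (line_number, literal, decoded) findings; empty if no reflection is used."""
    if not REFLECTION_CALL.search(source):
        return []
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for literal in B64_LITERAL.findall(line):
            decoded = decode_identifier(literal)
            if decoded:
                findings.append((lineno, literal, decoded))
    return findings


# Constructed sample of decompiled Java; not taken from the apps in the report.
SAMPLE = '''
String a = new String(Base64.decode("YW5kcm9pZC5hcHAuS2V5Z3VhcmRNYW5hZ2Vy", 0));
String b = new String(Base64.decode("aXNLZXlndWFyZExvY2tlZA==", 0));
Object r = Class.forName(a).getMethod(b).invoke(mgr);
String title = "Settings";
'''

if __name__ == "__main__":
    for lineno, literal, decoded in scan_source(SAMPLE):
        print(f"line {lineno}: {literal} -> {decoded}")
```

The ordinary UI string on the last sample line is also base64-shaped, but it is rejected because it does not decode to an identifier, which keeps the check from flagging every short alphanumeric literal.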

The adware is also hard to delete. Upon installation, the malicious apps replace their icon on the Android home screen with a shortcut, which, unlike a default icon, can’t be removed by dragging it to the trash bin.

The apps enable their creators to remotely control ad delivery. The cybercriminals can run promotions at more frequent intervals than in a standard Android application and make sure a promotion isn’t displayed multiple times in a row. 

“The frequency of ads being displayed can be remotely configured by the fraudster (the default is five minutes), so it could exacerbate the nuisance for users,” Trend Micro’s Xu wrote.

Trend Micro’s report represents only the latest in a series of adware discoveries on Google Play. In March, Check Point Software Technologies Ltd. exposed an Android adware family dubbed SimBad that had been downloaded nearly 150 million times. Previously, Check Point uncovered a series of faux flashlight apps that infected as many as 7.5 million Android devices with ad-pushing code.  
