UPDATED 13:29 EST / AUGUST 16 2019

SECURITY

Trend Micro exposes 85 adware apps on Google Play with 8M+ downloads

Google LLC has built security mechanisms into Google Play to keep malicious Android apps out, but occasionally cybercriminals find a way to jump the moat.

Researchers from antivirus maker Trend Micro Inc. today revealed that they’ve discovered a family of 85 adware-laced applications on the marketplace. The apps, which Google removed after being notified by the company, had been downloaded more than 8 million times by Android users.

Mobile adware always follows the same modus operandi. Cybercriminals bundle intrusive ad components into seemingly innocuous apps, such as games, and display promotions on the user’s device to generate fraudulent advertising revenue. The adware apps exposed by Trend Micro use several creative methods to maximize the illicit earnings they generate off unsuspecting consumers.

To start, the apps actively take steps to evade detection. They start a timer right after being installed on a user’s device and stay dormant for 30 minutes. This helps conceal the adware from mobile antiviruses, which automatically quarantine software that starts displaying unusual activity soon after being downloaded.

“Every time the user unlocks the device, the adware will perform several checks …. with these, the adware-embedded app can determine if it has been installed on the device long enough,” Trend Micro mobile threat response engineer Ecular Xu wrote in a blog post. “To evade detection, the app uses Java reflection — which enables the runtime behaviors of an application to be inspected or modified — and encodes the API strings in base64.”

The adware is also hard to delete. Upon installation, the malicious apps replace their icon on the Android home screen with a shortcut, which unlike a default icon can’t be removed by dragging it the trash bin.

The apps enable their creators to remotely control ad delivery. The cybercriminals can run promotions at more frequent intervals than in a standard Android application and make sure a promotion isn’t displayed multiple times in a row. 

“The frequency of ads being displayed can be remotely configured by the fraudster (the default is five minutes), so it could exacerbate the nuisance for users,” Trend Micro’s Xu wrote.

Trend Micro’s report represents only the latest in a series of adware discoveries on Google Play. In March, Check Point Software Technologies Ltd. exposed an Android adware family dubbed SimBad that had been downloaded nearly 150 million times. Previously, Check Point uncovered a series of faux flashlight apps that infected as many as 7.5 million Android devices with ad-pushing code.  

Photo: Unsplash

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU