UPDATED 13:23 EDT / JANUARY 05 2018

APPS

Millions of Android users downloaded malicious flashlight apps on Google Play

Proving that flashlight apps are still as sketchy as ever, Google LLC has removed 22 malicious flashlight apps from Google Play after cybersecurity company Check Point Software Technologies Ltd. discovered that the apps were loaded with adware.

Apps containing the adware, which Check Point calls “LightsOut,” had been downloaded by between 1.5 million to 7.5 million Android users before they were finally removed from Google’s store.

According to Check Point, LightsOut forces users to interact with ads before allowing them to answer calls or perform other activities on their device. The ads could be triggered by a number of different events, including ending a call, plugging in a charger, locking the device and  others. Check Point said that LightsOut could override user settings to disable the ads, and some users still saw the ads even after they paid for a supposedly ad-free version of the infected app.

“Despite the vast investment Google has recently made in the security of their App Store, ‘LightsOut’ reminds us once again that users need to be wary of downloading from App Stores and are advised to have a ‘Plan B’ in the form of an advanced mobile threat defense solution that goes beyond anti-virus,” Check Point said in a blog post. “Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights.”

Check Point’s discovery raises several questions about the effectiveness of Google’s security for its app store, and this is not even the first time that Check Point has informed Google about malicious apps on its platform. Check Point alerted Google in May about a malware named “Judy,” which infected up to 36.5 million devices. Less than two months later it alerted Google about another malware called “CopyCat,” which infected at least 14 million devices.

In interview with Fortune, Check Point security researcher Daniel Padon praised Google’s success in blocking more serious threats such as ransomware, but he noted that Google has trouble spotting subtler malware that users might not notice for some time. According to Padon, malware downloads on Google Play more than doubled between 2016 and 2017, and he encourages consumers to download security software for their devices.

Padon added that users should probably also stop downloading flashlight apps in the first place.

Photo: Blogtrepreneur via Flicker (license)

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.