At least 15 apps on the Google Play Store were found to be generating frequent, large, and intrusive ads. The adware apps hid their icons in the launcher to make it difficult for users to find and remove them.
Several of them went a step further by disguising themselves in the phone’s app settings page, security researchers at global cyber security major Sophos said. According to the Google Play Store pages for these apps, over 1.3 million devices worldwide have installed at least one of them.
Adware app attempts detailed
“When first launched, the app displays a message that says ‘This app is incompatible with your device!’ You might think that the app has crashed, because, after this ‘crash,’ the app opens the Play Store and navigates to the page for Google Maps, to mislead you into thinking that the ubiquitous Maps app is the cause of the problem.
“It is not. This is a ruse,” Andrew Brandt, Principal Researcher, SophosLabs, said in a statement. These apps then hide their own icon so they do not show up in the launcher’s app tray. Nine out of the batch of 15 apps had deceptive application icons and names. The icons and names were chosen because they might plausibly resemble an innocuous system app.
Joker Malware infects 24 Android apps
In September, security researcher Aleksejs Kuprins discovered the Joker malware, which is designed to silently sign users up for subscription services. This isn’t something users will easily notice unless they diligently check their monthly credit card statements. As many as 24 apps with over 472,000 downloads have been infected by the malware.
“For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage.” The operator’s offer code is then entered, followed by waiting for an SMS message. This will have the confirmation code which will be extracted using regular expressions. “Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription,” Kuprins said in a Medium post.
With inputs from IANS.