Some of the popular Android apps available on Google Play seem to have a new malware – specifically adware, reports Avast, the antivirus software company. The three main malicious Android apps are the Durak card game, Russian History and an IQ test app, all of which have millions of downloads from Google Play. Interesting fact is that though the three apps are from different developers all seem to have the same malicious software installed.
Google, as soon as it got to know about the adware presence in these apps suspended them from the Google play listing.
When users unlock their smartphones that have these malicious Android apps installed, the malware acts in a way to display ads hidden as warning messages. This was first noted and informed by a user on Avast Forum along with a video showing how the malicious Android apps worked on the smartphone.
The user quoted that a dozen of apps on Google Play have same malicious ad SDK integrated. Every time the device gets unlocked an ad url opens up in the background or an interstitial ad shows up over the screen, all because of these malicious apps. Below is the video uploaded by the user.
Citing this on its forum, the antivirus software maker was quick to report that Avast Mobile Premium would detect such apps that display the adware. According to further reports, Avast is working on analyzing more apps other than the three apps mentioned above to find out if there are any more popular apps with the malware as according to the comment by the user on the forum, there seems to be dozen of apps infected with this malware.
Explaining on this, Filip Chytry, Avast researcher in his blog post states that first the malware was discovered and noted to the company by a comment on the Avast forums, which he initially didn’t think much about it.
However, when he further examined about the matter realized that the apps with the malware were actually found having quite a large target audience. First and foremost, these apps are available in Google Play with huge target audience in both English-speaking countries and other language countries. Next, these apps have been already downloaded by millions of users assuming Google Play’s app to be accurate.
Something that surprised Chytry is that the ads displayed by these apps lead to some legitimate companies. For example, Quihoo 360, the antivirus provider was one among the target. It could be that these companies are not marketing their services via adware but the possibility being that these malware authors get benefitted with some kind of referral scheme.
Also Read: Top 10 Best Free Adware Removal Tool
How the adware works?
The malicious apps are brilliant in the way they display the advertisements. The apps remain calm until the device gets restarted at least once. They do not show the ads immediately after getting installed on to the device, instead they wait for several days. At times they even stay composed for a month after the app has been installed on the phone before they could show the adware. And then every time users unlock their phones, the ads appear with the warning messages stating “your device is infected, out of date or full of porn.”
According to Chytry, some of the apps show their true colours after waiting for up to 30 days. After 30 days, not many users would be able to know as to which app is causing the trouble on their phone. These warning messages that pop up every time users unlock their devices are prank messages meant to redirect the users to harmful threats like downloading other malware-laden apps which include the ones sending premium SMSes or may be the ones which collect personal data.
Also it could be as concerned by Chytry that in some cases the users might get directed to other antivirus and security apps available on Google Play, which could probably be the work of companies or developers in a way to promote their apps through this adware. The end result even after getting these security apps installed from Google Play would be the repeating of the same malicious messages.
With Android taking control of a huge portion in the smartphone market, it becomes important to consider these kind of problems like malware, spam, adware and many more seriously. According to Avast, it is now in contact with the antivirus company to which the malicious Android apps were redirecting their users and the company is now investigating the matter.
And yes, this is not the first time for Android apps getting affected with malicious behavior. If noted, in the past there were reports indicating that about 99 mobile devices out of every 100 devices falling prey to malware are Android run devices. Even last year, one of a high paid app on Google Play store was discovered fake.
Caution, users are requested to be careful while downloading apps even from Google Play store, recommended reading reviews thoroughly and choosing trusted developers.
Post in your views and suggestions with regards to the article in the comments section below. Anything more to be added to the article can also be noted in the section below.