Firstly, if you got any of these apps installed on your android device, you need to uninstall it immediately. Google Removes malicious apps, adware from the play store.
Cybersecurity researchers identified 42 apps on Google PlayStore with a total of more than 8 million downloads. They were initially launched as legitimate apps but later updated to display full-screen advertisements to their users maliciously.
Tech Giant, Google Removes 42 Malicious Apps from PlayStore.
Discovered by ESET security researcher Lukas Stefanko, their adware applications were developed by a Vietnamese university student. It quickly got tracked likely because he never bothered to hide his identity.
Since all these 42 adware applications provide original functionalities they promised. It’s quite tricky for most users to spot rogue apps or find anything suspicious.
Adware Tricks for Resilience and Stealth
Dubbed “Ashas” adware family, the malicious apps required to establish a connection with the remote server. The app automatically sends necessary information about the Android device with one of these apps installed on your device.
This Adware application then receives configuration files from the control server as per the attacker’s choice on the victim’s smartphone. Lastly and most importantly applies several tricks for resilience and stealth, some of them are reported mentioned below.
To hide its malicious functionality form google play security mechanism. The apps first check for the IP address of the infected device. If App detects the range of known IP addresses of the Google Servers, the application won’t trigger the Adware Payload file. To prevent the users from immediately associating the unwanted ads displayed with this app, the developer also added a range of functionalities to set a custom delay between displaying ads and the installation of the app. Also, the apps hide their icons on the android phone’s menu and create a shortcut in an attempt to prevent uninstallation.
What’s interesting? If the affected user heads on the ” recent apps” button to check which app has served these ads, the adware displays facebook or google icons to look legitimate and avoid suspicion, tricking the user into believing the ads are viewed by genuine service. However, Google Removes 42 Malicious Apps from PlayStore and warns users to uninstall from further damaging their smartphones.
Though Stefanko did not talk much about the kind of advertisements the adware serves to the infected users, adware typically bombards infected device with ads, mostly leading to scam, malicious, and phishing websites.
Stefano reported the google security team of his findings; the company removed the apps in question form play store platform. However, if you have downloaded any the above-listed rogue apps on your android device, I recommended to you uninstall immediately form your device.