As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found in the Google Play Store distributing adware.
“They’re all built into various programs, including image editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others,” Dr.Web said in a Tuesday article.
Although they pretend to be harmless apps, their primary purpose is to ask permission to display windows over other apps and run in the background to display intrusive ads.
To make it difficult for victims to detect and remove the apps, adware trojans hide their icons from the list of installed apps on the home screen or replace the icons with others that are less likely to be noticed (e.g., SIM Toolkit).
Some of these apps also provide the advertised features, as observed in the case of two apps: “Water Reminder- Tracker & Reminder” and “Yoga- For Beginner to Advanced”. However, they also stealthily load various websites into WebView and simulate user actions to click banners and advertisements.
Another set of apps has also been discovered that distributes the Joker malware in the form of launcher, camera, and emoji sticker apps that, when installed, subscribe users to paid mobile services without their knowledge and consent.
The third category of rogue apps concerns apps that pretend to be image-editing software, but are actually designed to break into Facebook accounts.
“At launch, they asked potential victims to log into their accounts and then loaded a real Facebook authorization page,” said Dr.Web researchers. “They then hijacked the authentication credentials and sent them to malicious actors.”
The list of apps is as follows:
- Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
- Photo Editor: Retouch and Cut Out (de.nineergysh.quickarttwo)
- Photo Editor: Art Filters (gb.painnt.moonlightingnine)
- Photo Editor – Design Maker (en.twentynine.redaktoridea)
- Photo editor and background eraser (de.photoground.twentysixshot)
- Photo and Exif Editor (de.xnano.photoexifeditornine)
- Photo Editor – Filter Effects (de.hitopgop.sixtyeightgx)
- Photo filters and effects (de.sixtyonecollice.cameraroll)
- Photo Editor: Blur Image (de.instgang.fiftyggfife)
- Photo Editor: Cut, Paste (de.fiftyninecamera.rollredactor)
- Emoji Keyboard: Stickers and GIF (gb.crazykey.sevenboard)
- Neon Theme Keyboard (com.neonthemekeyboard.app)
- Neon Theme – Android Keyboard (com.androidneonkeyboard.app)
- Cashe Cleaner (com.cachecleanereasytool.app)
- Fancy charging (com.fancyanimatedbattery.app)
- FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
- Caller Skins – Caller Themes (com.rockskinthemes.app)
- Funny Caller (com.funnycallercustomtheme.app)
- CallMe Phone Themes (com.callercallwallpaper.app)
- InCall: Contact Background (com.mycallcustomcallscrean.app)
- MyCall – Call Personalization (com.mycallcallpersonalization.app)
- Caller theme (com.caller.theme.slow)
- Caller theme (com.callertheme.firstref)
- Funny Wallpapers – Live Screen (com.funnywallpapaerslive.app)
- 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
- NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
- Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
- Notes – Reminders and Lists (com.notesreminderslists.app)
Last but not least, a rogue communication app known as “Chat Online” was also spotted on the app store; it entices users to give up their mobile phone numbers under the pretense of signing up for online dating services.
In another version of the same malware, a seemingly real conversation is started, only for the app to ask users to pay for premium access to continue the chat, incurring fraudulent charges.
While these apps have been removed, mobile malware has unsurprisingly proven resilient, as criminals constantly find new ways to circumvent Google’s set of protections.
Users are advised to exercise caution when downloading apps, from Google Play or otherwise, and to avoid granting extensive permissions to apps. Enabling Google Play Protect and researching app reviews and ratings are other ways to protect devices from malware.
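The warning signs described in this article (a request to display windows over other apps, and a launcher icon that is absent or can be swapped) can be checked statically in an app's decoded manifest. The following is an added example, not code from Dr.Web or the original article: the sample manifest and the names `triage`, `launcher_components` and `REPORTED` are constructed here, and treating an `activity-alias` launcher entry as a swappable icon is an assumption about how such icon changes are usually implemented.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # "display over other apps"
MAIN, LAUNCHER = "android.intent.action.MAIN", "android.intent.category.LAUNCHER"
REPORTED = {"gb.artfilter.tenvarnist", "com.caller.theme.slow"}  # two names from the list above

def launcher_components(root):
    """Return (tag, name) of each component that puts an icon in the launcher."""
    found = []
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in comp.iter("intent-filter"):
            names = {child.get(ANDROID + "name") for child in flt}
            if {MAIN, LAUNCHER} <= names:
                found.append((comp.tag, comp.get(ANDROID + "name")))
    return found

def triage(manifest_xml):  # manifest_xml: text of a decoded AndroidManifest.xml
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    launchers = launcher_components(root)
    findings = []
    if root.get("package") in REPORTED:
        findings.append("package name is on the reported list")
    if OVERLAY in perms:
        findings.append("requests permission to draw over other apps")
    if not launchers:
        findings.append("no launcher icon declared")
    elif any(tag == "activity-alias" for tag, _ in launchers):
        # Assumption: an alias can be enabled/disabled at runtime, so the icon can change.
        findings.append("launcher icon is an alias the app can switch at runtime")
    return findings

# Constructed sample manifest, in the decoded form a tool such as apktool emits.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaperdemo">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".Main"/>
    <activity-alias android:name=".IconA" android:targetActivity=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity-alias>
  </application>
</manifest>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Each finding is a reason to look closer, not a verdict: legitimate apps also request the overlay permission or ship without a launcher icon.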