Across the globe, adware disguised as 85 game, TV, and remote control simulator apps in the Google Play store have been downloaded nine million times.
Trend Micro researchers spotted the adware which has the ability to display full-screen sized ads, hide itself, monitor a device’s screen unlocking functionality and run in the device’s background, according to a Jan. 8 blog post.
One of the malicious apps, “Easy Universal TV Remote,” claims to offer users the ability to control their TV and is the most downloaded of the bunch for a total of five million times.
Despite having maintaining an average review score of 3.9 at the time researchers spotted it, the malicious app’s comments were riddled with negative reviews including complains of the app appearing to vanish from the device despite being downloaded multiple times.
Other reviews claimed the app simply didn’t work once installed. Another app posed as a racing game and after users made their way their a few intro menus, pretends to buffer or load while still maliciously operating in the background.
The app would then occasionally display a full screen ad every 15-30 minutes on a user’s device while other fake apps monitored a user’s screen unlocking action to show an ad each time the user unlocked their device.
“We tested each of the fake apps related to the adware family and discovered that though they come from different makers and have different APK cert public keys, they exhibit similar behaviors and share the same code,” researchers said in the post.
Researchers reported their findings to Google and after verifying the reports, promptly removed them from the Google Play store.
While the fake apps could have been removed manually via the device’s uninstall feature, researchers noted this may be particularly difficult to access when full screen ads are frequently displaying on a user’s device every time they unlock their screen.