Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

49 Google Play app titles found to deliver pesky ads

Researchers recently uncovered 49 adware-laced Android apps that were downloaded from the Google Play store more than 3 million times, collectively, before they were reportedly removed.

Many of the apps were disguised as games, video editors and stylized photo and filter programs. Sample titles included Cut Out Studio Pro, Tattoo Maker, Bubble Effect, CLOWN MASK, Magazine Cover Studio and Music Video Maker.

Users who downloaded the apps have complained in reviews of repeated and intrusive full-screen pop-up ads, as well as ads that pop up when users either click or unlock the screen, according to a Nov. 7 Trend Micro blog post written by company researcher Jessie Huang. Moreover the adware registers itself as a foreground service so it can run whether or not the device owner is actively using the downloaded app.

"The continuous display of ads popping up will consume the battery of the phone, which is an issue that has been around for years," Huang states in the blog post. "And it will also affect the memory: Since the running process is considered a foreground service, the system sees it as something the user is actively aware of and will not terminate it even if the device is low on memory."

The adware also plasters the home screen with multiple shortcuts that look like the icon for the Chrome browser. Meanwhile, the actual adware icon remains hidden.

Clicking on the fake icon opens a blank web page that gets refreshes into -- you guessed it -- another full-screen ad. Clicking the "Recent Screen" button to determine where the ad came from yields no satisfaction, Trend Micro reports, because no information is visibly displayed.

"Deleting the fake browser shortcuts seen on the screen will not delete the app; instead, the user has to go to the phone settings and find the app in the applications section to uninstall it," Huang explains.

Making matters worse, the ads are difficult to escape from, as they can be closed only by clicking the "back" or "home key. And to avoid detection, the adware uses heavily obfuscated code, and upon installation it delays its malicious activity for a time so that users don't suspect that the app they just installed is responsible for their sudden influx of advertisements.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.