Earlier this month, Japanese IT security company, Trend Micro, discovered a host of adware-fueled apps for download in the Google Play Store. In total, the security company identified 85 apps masquerading as entertainment apps like:
- Remote control apps
Reports indicate that up to nine million users may have been infected by the adware with one app, ‘Easy Universal TV Remote’, pinpointed as the primary culprit. This specific app has been downloaded more than five million times.
What is the Adware Capable of?
At its core, adware has varying degrees of implications. It ranges from harmless, to aggravating downright dangerous.
According to Trend Micro, the hidden adware, in this case, is capable of the following:
- Displaying full-screen ads
- Monitoring a device’s screen unlocking functionality
- Running in the mobile device’s background
While the capabilities seem more like a bother than a danger, Trend Micro warns that some of the services could still compromise your device.
Have you Been Infected?
After testing each of the apps, Trend Micro has determined that even though the applications come from different makers and have different APK cert public keys, they share the same code and display the same behaviors indicating the same person could be behind them.
- After the adware is downloaded and launched on a mobile device, a full-screen ad initially pops up.
- Upon closing the first ad, call-to-action buttons such as “start,” “open app,” or “next,” as well as banner ads will appear on the mobile device’s screen.
- Tapping on the call-to-action buttons will bring up another full-screen ad.
- After the user exits the full-screen ad, more buttons that provide app-related options for users appear on the screen.
- Users are prompted to give the app a five-star rating on Google Play.
- If the user clicks on any of the buttons, a full-screen ad will pop up again.
- Next, the app will appear as though it is loading or buffering.
- After a few seconds, the app disappears from the user’s screen and hides its icon on the device.
- The fake app still runs in a device’s background after hiding itself.
Even though a user may think they have stopped the app, or that the ads have gone away, the adware is configured to show a full-screen ad every 15 to 30 minutes on the user’s device.
A comprehensive list of each app identified can be found here, on Trend Micro’s website.
Though the applications have been blocked from the app store since their discovery, users may still have them on their phone. If you are a victim of this scam, note the apps are still operational so it’s best to delete and uninstall them right away.
Protect Yourself in the Future
Be proactive to ensure you don’t download scam apps in the future. Before downloading from an app store, do your due diligence.
- Read the reviews: If the reviews in the app store indicate the application does not work well or it often crashes, this could be a sign the app is fraudulent.
- Gauge the annoyance: Though for most users, all ads are annoying, these faux apps will likely kick up the nuisance scale. Look for an unusually high amount of ads in the app that are also difficult to rid of, this could be a telltale sign of a sham.
- Monitor your battery life: Because these apps run in the background, it’s likely they are draining your battery, filling your data, and killing processing power. If your phone is unusually slow, check your running apps to see if any are running in the background.
- Read the app description: If the app is created by an unknown user, or if the description is riddled with misspelling and grammar errors, proceed with caution. This app might not be coming from a credible source.
Users of technology must constantly be on the lookout for bad actors. Stay diligent with cybersecurity protocol, and establish a routine for maintaining your health.
In addition to the aforementioned steps, it’s also best practice to routinely change your passwords to stay ahead of hackers, and never connect to public Wi-Fi. These additional precautionary steps can further eliminate the risk of bad actors from gaining access to your cell phone or laptop and conducting fraudulent activity.