Authored by: Kate O'Flaherty, freelance cybersecurity journalist
Google’s Android Play Store is increasingly under fire for allowing malware ridden apps to plague its users. But another warning has been issued to Android users after researchers at ESET discovered a year-long campaign that saw 8 million installs of adware delivered through 42 apps.
Half of those apps had already been removed by Google at the time ESET reported them. All the apps have since been removed by Google, however they are still available in third party stores, Lukas Stefanko, ESET malware researcher, said.
Adware is a type of malware that hides on your device so it can serve you unwanted adverts, including scam ads. On top of this, adware-containing apps can drain battery resources, increase network traffic and gather your personal information.
In this case, the rogue apps are especially difficult to spot. Each one provides the functionality promised–such as video downloading, gaming and radio play–as well as the adware.
In order to stay hidden, the apps try to determine whether they are being tested by the Google Play security mechanism, and delay the display of ads until well after the device is unlocked, hiding their icons and creating shortcuts instead.
Once on the device, the adware delivers ads displayed as full-screen activity. When a user tries to check which app is responsible for the ad being displayed, the app impersonates Facebook or Google. “The adware mimics these two apps to look legitimate and avoid suspicion–and stay on the affected device for as long as possible,” says Stefanko.
Impressively, he also managed to track down the adware’s developer using open source information.
Apple users might also want to check their phones: the malicious developer has apps in Apple’s App Store, according to ESET. Some of these are iOS versions of the apps removed from Google Play, however they do not contain adware functionality.
ESET detects the adware, collectively, as Android/AdDisplay.Ashas.
Google Android adware: The affected apps
Here are the 21 apps affected by the adware at the time Stefanko reported them. His blog contains the “package names” (unique IDs for app names) of the remaining 21 apps. If you are worried, there are services such as AppBrain that can help you to track the package name to the app.
It goes without saying that if you have any of these installed, you should delete them now.
The 21 Google Play apps affected when ESET reported the Android adwareto Google.
Downloading apps: The Google Android Play Store problem
While adware might not be as damaging as some other forms of malware, the fact that it can sneak into the official Android app store so easily is “disturbing,” Stefanko says.
It seems that malware is hitting the Google Play Store increasingly often. Stefanko’s also the researcher responsible for a report that details all the reported malicious apps on Google Play within a given month.
In August I reported that a Spyware app had hit the Play Store twice. Meanwhile, during the same month, security researchers at Trend Micro found adware that had impacted 8 million users.
Independent security researcher Sean Wright thinks Google needs more scrutiny over its Play Store. “Google has a team of researchers Project Zero, who scrutinize other apps and services. Perhaps Google should now start to look at scrutinizing its own Play Store given the sheer volume of malicious apps which have been identified in it–most often via organizations outside of Google. They are a large company so it’s likely that they have the resources to tackle this.”
Android’s a much more open and fragmented operating system than its main rival Apple’s iOS. It’s therefore important that you take extra security measures to protect your device.
“Users should protect their devices by sticking with basic cybersecurity principles and using a quality security solution,” Stefanko advises.
At the same time, always also make sure that you only install applications via the official Play Store, Wright warns.
Overall, it’s important to be careful. Read the reviews before you download an app and do not allow apps more permissions than they need to be able to function properly.