Aggressive adware in Google Play apps
Bitdefender has discovered 10 Google Play apps that have been packed full of aggressive adware. These either subscribe users to premium-rate numbers using scareware messages or install additional apps that incorporate even more ads.
The apps (including the “What is my ip?’ app) were designed to use a different name when installed to give users a hard time identifying and uninstalling them.
Catalin Cosoi, Chief Security Strategist at Bitdefender, states, “Once installed, these apps create a desktop shortcut named “System Manager’. Even if someone figures out that one of these apps is responsible for all the browser redirects and scareware messages, they’ll have a hard time locating and uninstalling the app as it hides under the misleading new name. Less tech-savvy users will likely be thrown off the scent, with the app remaining installed and running indefinitely.”
One reason the apps may have circumvented Google’s vetting is because the URL used to redirect users doesn’t actually disseminate malicious .apk files. Its purpose is to redirect browsers – Android’s native browser, Chrome, Firefox, Facebook or even TinyBrowser – to a specially created URL that navigates users from one ad-displaying website to another.
Catalin Cosoi adds, “Although they’re not malicious per se, by broadcasting sensitive user information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices.”
For each browser search, clicked URL, or Facebook-opened link, users are redirected to a webpage that displays a variety of geolocation-specific ads intended to either scare viewers into subscribing to premium-rate numbers, for an alleged security subscription, or trick them into installing more adware disguised as system or performance updates.
These ill-intended apps only require two permissions, Network Communication and System Tools, but can still cause a sizeable headache and trick users into downloading device-clogging apps and adware.