Menu
Scareware found hidden in Google Play apps downloaded by millions

Scareware found hidden in Google Play apps downloaded by millions

Days after installation the apps started displaying fake warning messages promoting other rogue apps and services

Google has done a good job at keeping data-stealing Trojan apps out of Google Play, but attackers still find ways to monetize rogue apps through the store.

Avast Software researchers recently found three apps on Google Play with hidden adware functionality that was designed to activate days after the apps were installed. The rogue applications -- a game called Durak, an IQ test and a history app -- had been downloaded millions of times.

When people first install Durak, it looks and acts like a normal gaming app, Avast researcher Filip Chytry said in a blog post Tuesday. "This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device."

Specifically, every time users unlock their phones, the app displays persistent ads claiming the device and its data are at risk.

Users are asked to act, but if they do, they run into real trouble, according to the researcher. For example, they may get redirected to questionable app stores and to apps that surreptitiously attempt to send premium text messages on behalf of the users. People may also encounter apps that collect too much of their information without offering much value.

If this sounds familiar, it's because the scheme is similar to the highly effective scareware scams that have plagued PC users for years by spooking them into installing rogue antivirus programs or system optimization tools using fake warnings.

Delaying the warning messages for several days is a clever technique by the rogue developers because users will have a hard time determining which app is responsible for the alerts, and that's assuming they even suspect that the messages are triggered by an app.

Also, apps uploaded to Google Play are scanned inside an Android emulator called Bouncer to observe their post-installation behavior. By delaying the malicious activity, the app authors likely hope to bypass this behavior-based analysis.

"I believe that most people will trust that there is a problem that can be solved with one of the apps' advertised 'solutions' and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources," Chytry said.

In some cases the rogue ads directed users to legitimate security apps that were also hosted on Google Play, probably in an attempt to earn money through referral schemes.

"These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?" Chytry said. "Even if you install the security apps, the undesirable ads popping up on your phone don't stop."

Google has removed the three offending applications identified by Avast from Google Play. However, the incident shows that although Trojans account for most Android malware, other types of threats also lurk on the official app store.

Google didn't immediately respond to a request for comment.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitymalwaremobile securityGooglescamsAvast Software

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments