Menu
Scareware found hidden in Google Play apps downloaded by millions

Scareware found hidden in Google Play apps downloaded by millions

Days after installation the apps started displaying fake warning messages promoting other rogue apps and services

Google has done a good job at keeping data-stealing Trojan apps out of Google Play, but attackers still find ways to monetize rogue apps through the store.

Avast Software researchers recently found three apps on Google Play with hidden adware functionality that was designed to activate days after the apps were installed. The rogue applications -- a game called Durak, an IQ test and a history app -- had been downloaded millions of times.

When people first install Durak, it looks and acts like a normal gaming app, Avast researcher Filip Chytry said in a blog post Tuesday. "This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device."

Specifically, every time users unlock their phones, the app displays persistent ads claiming the device and its data are at risk.

Users are asked to act, but if they do, they run into real trouble, according to the researcher. For example, they may get redirected to questionable app stores and to apps that surreptitiously attempt to send premium text messages on behalf of the users. People may also encounter apps that collect too much of their information without offering much value.

If this sounds familiar, it's because the scheme is similar to the highly effective scareware scams that have plagued PC users for years by spooking them into installing rogue antivirus programs or system optimization tools using fake warnings.

Delaying the warning messages for several days is a clever technique by the rogue developers because users will have a hard time determining which app is responsible for the alerts, and that's assuming they even suspect that the messages are triggered by an app.

Also, apps uploaded to Google Play are scanned inside an Android emulator called Bouncer to observe their post-installation behavior. By delaying the malicious activity, the app authors likely hope to bypass this behavior-based analysis.

"I believe that most people will trust that there is a problem that can be solved with one of the apps' advertised 'solutions' and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources," Chytry said.

In some cases the rogue ads directed users to legitimate security apps that were also hosted on Google Play, probably in an attempt to earn money through referral schemes.

"These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?" Chytry said. "Even if you install the security apps, the undesirable ads popping up on your phone don't stop."

Google has removed the three offending applications identified by Avast from Google Play. However, the incident shows that although Trojans account for most Android malware, other types of threats also lurk on the official app store.

Google didn't immediately respond to a request for comment.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremobile securityGooglescamsAvast Software

Featured

Slideshows

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Meet the winners of the 2020 Reseller News Innovation Awards

Meet the winners of the 2020 Reseller News Innovation Awards

Reseller News honoured the standout players of the New Zealand channel in front of more than 500 technology leaders in Auckland on 21 October, recognising the achievements of top partners, start-ups, vendors, distributors and individuals.

Meet the winners of the 2020 Reseller News Innovation Awards
Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Show Comments