Menu
Scareware found hidden in Google Play apps downloaded by millions

Scareware found hidden in Google Play apps downloaded by millions

Days after installation the apps started displaying fake warning messages promoting other rogue apps and services

Google has done a good job at keeping data-stealing Trojan apps out of Google Play, but attackers still find ways to monetize rogue apps through the store.

Avast Software researchers recently found three apps on Google Play with hidden adware functionality that was designed to activate days after the apps were installed. The rogue applications -- a game called Durak, an IQ test and a history app -- had been downloaded millions of times.

When people first install Durak, it looks and acts like a normal gaming app, Avast researcher Filip Chytry said in a blog post Tuesday. "This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device."

Specifically, every time users unlock their phones, the app displays persistent ads claiming the device and its data are at risk.

Users are asked to act, but if they do, they run into real trouble, according to the researcher. For example, they may get redirected to questionable app stores and to apps that surreptitiously attempt to send premium text messages on behalf of the users. People may also encounter apps that collect too much of their information without offering much value.

If this sounds familiar, it's because the scheme is similar to the highly effective scareware scams that have plagued PC users for years by spooking them into installing rogue antivirus programs or system optimization tools using fake warnings.

Delaying the warning messages for several days is a clever technique by the rogue developers because users will have a hard time determining which app is responsible for the alerts, and that's assuming they even suspect that the messages are triggered by an app.

Also, apps uploaded to Google Play are scanned inside an Android emulator called Bouncer to observe their post-installation behavior. By delaying the malicious activity, the app authors likely hope to bypass this behavior-based analysis.

"I believe that most people will trust that there is a problem that can be solved with one of the apps' advertised 'solutions' and will follow the recommended steps, which may lead to an investment into unwanted apps from untrusted sources," Chytry said.

In some cases the rogue ads directed users to legitimate security apps that were also hosted on Google Play, probably in an attempt to earn money through referral schemes.

"These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?" Chytry said. "Even if you install the security apps, the undesirable ads popping up on your phone don't stop."

Google has removed the three offending applications identified by Avast from Google Play. However, the incident shows that although Trojans account for most Android malware, other types of threats also lurk on the official app store.

Google didn't immediately respond to a request for comment.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Googlesecuritymobile securityscamsmalwareAvast Software

Featured

Slideshows

Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
EDGE 2017 - Icebreaker Sessions round 2

EDGE 2017 - Icebreaker Sessions round 2

EDGE guests experience the value of networking at the second round of Icebreaker sessions.. Photos by Maria Stefina

EDGE 2017 - Icebreaker Sessions round 2
EDGE 2017 Dinner Under the Stars

EDGE 2017 Dinner Under the Stars

EDGE's Day 2 keynote and breakout sessions were followed by the Dinner Under the Stars. Over 300 people were present to enjoy a seafood feast and lots of excitement at Hamilton Island's Bougainvillea Marquee. Photos by Maria Stefina.

EDGE 2017 Dinner Under the Stars
Show Comments