Photo Credit: Symantec
- Once downloaded, the app icon is hidden
- These apps then show full-screen ads at random
- Best practice is to not download apps from untrusted sources
Android apps that unethically serve adware and malware are on the rise. A new report from Symantec sheds light on a whole set of new apps that are serving malware and adware to earn revenues in an illegal manner. These apps, 25 of them in total, have been downloaded almost 2.1 million times from Google Play Store, the company said. All of these malicious apps are claimed to have been removed, after Symantec reported them to Google.
These 25 apps disguised themselves as photo utility or fashion apps to trigger downloads. They were published under 22 different developer accounts, but shared similar code structure and app content. Symantec suggests that these apps may have been developed by the same organisational group, or at least using the same source code base.
Once you install these malware apps, the app icon is visible on the device, but it soon disappears after a code is executed remotely. Then full-screen ads start showing up on your phone at sporadic intervals, interrupting the user. The ads do not give out any hint on which app is triggering them, and because the app icon has disappeared, often users are left scrambling not knowing what to do to get rid of the intrusive ads.
Symantec also notes that two versions of the app are also listed on Google Play Store – one that is a non-malicious version and a second one that contains adware. The clean version can rank in Google Play charts, but there is a probability that the malicious version also gets download by virtue of error. An app called Auto Blur Photo made by developer Burnerfock had two versions on the Play Store. The non-malicious version was present in Google Play’s Top App Charts in the Top Trending Apps category, ranking number 7 on the list.
These 25 apps are different from the others as they manage to hide app icons without hard-coding the function into the APK. The programming is done using a built-in remote switch which Google cannot catch in its testing phase. The research firm says, “Monetary gain from advertising revenue is likely the motivating factor behind these apps. Thanks to the apps’ ability to conceal their presence on the home screen, users can easily forget they downloaded them. As such, the malware authors can freely and aggressively display advertisements to users, with minimal evidence leading back to them.”