Another Group of 49 Android Apps Found to Be Adware in Disguise

• A new batch of malicious apps is discovered, and it has already been ousted from the Play Store.
• More than three million people downloaded the adware apps in total, so some are still running them.
• The apps come with heavy obfuscation and detection evasion techniques, especially on older Android versions.

We have reached the point where no day can pass without reporting about a new batch of malicious Android apps. As we have discussed before, Android devices are in the pockets of more than 2.5 billion people right now, so malicious actors won’t give up on trying to make a profit through Android adware apps, data stealing, user tracking, and coin mining. The victim pool is just too big, and the complexity of the vast ecosystem makes it hard for Google to put effective protection measures in place.

This time, the discovery was made by Trend Micro and it concerns 49 adware apps that were created to evade detection. The apps are disguised as games and "specialist" camera apps, but they are basically ad-serving malware. Google has already removed all of them from the Play Store. However, considering that they have been downloaded by more than three million users, many are bound to still have them running on their devices. Due to a large number of apps, the best that we can do is to give you the below image that depicts the 49 adware apps.

Source: Trend Micro blog

All of these apps disguise their icons and push full-screen intrusive ads that won’t allow the user to skip them. Their code is heavily obfuscated, and the strings are encoded by base64 as well as custom algorithms that use the package name as the key. The icons that are displayed instead of the actual ones usually resemble a popular browser, or the device’s default browser, creating confusion for the victim. Finally, the adware registers itself as a foreground service, so it runs at all times, cannot be stopped, won’t be affected by OS updates, and doesn’t need any form of interaction from the user.

Source: Trend Micro blog

These apps also create duplicate fake shortcuts if they run on Android 7 or older. Android 8 and later require the user’s consent for this action, so this annoyance doesn’t work on newer phones. If you have one of the above apps installed on your phone, you should notice an increased battery consumption, reduced device performance, and inexplicable mobile data charges. To make sure that you uproot the adware from your phone, your best bet would be to use a mobile security solution from a reputable vendor and perform a full system scan. Finally, don’t trust any APK sources other than the official Play Store.

Are you confident that adware on Android will soon be eradicated? Let us know what you think in the comments down below, or on our socials, on Facebook and Twitter.