  • Sophos warns about 15 adware apps that were previously downloaded by 1.3 million users.
  • The apps employ various hiding and deception techniques and try to make their uninstallation difficult.
  • Some of these apps were uploaded on the Play Store before, with the same names and the same malicious ad-serving code.

Sophos Labs researchers have discovered 15 Android apps that hide malicious ad-serving code and functionality. The apps were available for download on the official Google Play Store and have been installed on more than 1.3 million devices so far. All of them were introduced to the store in 2019, with the most popular being “Free Calls & Messages”, “Auto Cut Out Pro”, “Background Cut Out Pro”, and “Photo Background Editor”. Interestingly, some of these apps were found to feature ad-serving code before and were removed from the app store in the past.

Source: Sophos News

All 15 of the discovered apps hide their app icons from the launcher to make it harder for the user to locate and remove them. Some go a step further, disguising themselves in the App Settings list so that users cannot tell which entry is which. “Free Calls & Messages” even tricks users into believing that it never ran on the device in the first place. When launched for the first time, it displays a fake message that reads: “This app is incompatible with your device!”. It then launches Google Maps as a distraction and proceeds to hide its icon from the launcher.

Once the deception is established, the apps use a library named “koolib” to install an ad-serving service and start pushing obstructive, annoying, full-screen, attention-grabbing ads. Many users have identified the culprit behind the degraded user experience on their phones, and quite a lot of Play Store reviews reflect the true nature of these apps. Even so, the apps continued to infect thousands of new devices each week, and they are reportedly very hard to remove or uninstall.


Google accepted the Sophos report and removed the apps from the store, but those who had them installed on their phones will continue to be served with ads. Below is a full list of the 15 Android apps that you should remove from your device. Remember, these apps may or may not be from the same author, who has managed to get them to the Play Store at least twice, and this means that we may see them again there in the future.

  • free.calls.messages
  • com.a.bluescanner
  • com.d.bluemagentascanner
  • com.doo.keeping
  • com.e.orangeredscanner
  • cos.mos.comprehensive
  • com.garbege.background.cutout
  • com.hanroom.cutbackground
  • com.jiakebull.picture.background
  • com.huankuai.autocut.picture
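
As an added example (not from Sophos or from this article), the following shell script checks a device's package list against the package names above and flags user-installed apps that expose no launcher icon, the hiding behaviour described earlier. It assumes `package:<id>` lines as printed by `adb shell pm list packages -3` and `<package>/<activity>` lines as printed by `adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`; the sample data embedded in it is constructed.

```shell
#!/bin/sh
# Added example: triage an Android package list for the adware described above.
# Package IDs below are the ones listed in the article.
IOC_PACKAGES="free.calls.messages
com.a.bluescanner
com.d.bluemagentascanner
com.doo.keeping
com.e.orangeredscanner
cos.mos.comprehensive
com.garbege.background.cutout
com.hanroom.cutbackground
com.jiakebull.picture.background
com.huankuai.autocut.picture"

# "package:com.foo" lines -> sorted unique package IDs
pkg_ids() { tr -d '\r' | sed -n 's/^package://p' | sort -u; }

# "  com.foo/.MainActivity" lines -> package IDs that own a launcher entry
launcher_pkgs() {
  tr -d '\r' | sed -n 's|^[[:space:]]*\([A-Za-z0-9_.][A-Za-z0-9_.]*\)/.*|\1|p' | sort -u
}

# known_adware PACKAGE_LIST: installed packages whose ID is in the article's list
known_adware() {
  printf '%s\n' "$1" | pkg_ids | while read -r p; do
    if printf '%s\n' "$IOC_PACKAGES" | grep -Fxq -- "$p"; then printf '%s\n' "$p"; fi
  done
}

# hidden_candidates PACKAGE_LIST LAUNCHER_LIST: user-installed packages with no
# enabled launcher activity. Keyboards, widgets and services also land here, so
# this is a review list, not a verdict.
hidden_candidates() {
  launchers=$(printf '%s\n' "$2" | launcher_pkgs)
  printf '%s\n' "$1" | pkg_ids | while read -r p; do
    if ! printf '%s\n' "$launchers" | grep -Fxq -- "$p"; then printf '%s\n' "$p"; fi
  done
}

# Constructed sample input (com.example.* are made-up names); on a real device
# the two texts would come from the adb commands named in the lead-in.
SAMPLE_PACKAGES="package:com.example.notes
package:com.hanroom.cutbackground
package:com.example.keyboard
package:free.calls.messages"
SAMPLE_LAUNCHERS="priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.notes/.MainActivity"

echo "Known adware packages:";     known_adware "$SAMPLE_PACKAGES"
echo "No launcher icon (review):"; hidden_candidates "$SAMPLE_PACKAGES" "$SAMPLE_LAUNCHERS"
```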
