New Set of Icon-Hiding Android Adware Apps Discovered on the Play Store

  • Sophos warns about 15 adware apps that were previously downloaded by 1.3 million users.
  • The apps employ various hiding and deception techniques and try to make their uninstallation difficult.
  • Some of these apps were uploaded on the Play Store before, with the same names and the same malicious ad-serving code.

Sophos Labs researchers have discovered 15 Android apps that hide malicious ad-serving code and functionality. The apps were available for download on the official Google Play Store, and have been installed on more than 1.3 million devices so far. All of them have been introduced to the store in 2019, with the most popular being “Free Calls & Messages”, “Auto Cut Out Pro”, “Background Cut Out Pro”, and “Photo Background Editor”. Interestingly, some of these apps have been found to feature ad-serving code before and were removed from the app store in the past.

android-apps-on-google-play
Source: Sophos News

All 15 of the discovered apps hide their respective app icons from the launcher in order to make it harder for the user to locate them and remove them. Some take an extra step in the deception, disguising themselves in the App Settings list so that users cannot figure out what is what. The “Free Calls & Messages” is even tricking users by making them believe that it has never run on the device in the first place. When trying to launch it for the first time, it displays a fake message that reads: “This app is incompatible with your device!”. It then launches Google Maps as a distraction and proceeds to hide its icon from the launcher.

Once the deception is established, the apps use a library named “koolib” to install an ad-serving service and start pushing obstructive, annoying, full-screen, attention-grabbing ads. Obviously, many users have realized the culprit behind the destructed user experience on their phone, and there are thankfully quite a lot of Play Store reviews to reflect and uncover the true nature of these apps. Unfortunately, though, the apps continued to infect thousands of new devices each week, and they are reportedly very hard to remove/uninstall.

ad-serving code
Source: Sophos News

Google accepted the Sophos report and removed the apps from the store, but those who had them installed on their phones will continue to be served with ads. Below is a full list of the 15 Android apps that you should remove from your device. Remember, these apps may or may not be from the same author, who has managed to get them to the Play Store at least twice, and this means that we may see them again there in the future.

  • free.calls.messages
  • com.a.bluescanner
  • com.bb.image.editor
  • com.cc.image.editor
  • com.d.bluemagentascanner
  • com.doo.keeping
  • com.e.orangeredscanner
  • com.hz.audio
  • cos.mos.comprehensive
  • com.garbege.background.cutout
  • com.hanroom.cutbackground
  • com.jiajia.autocut.photo
  • com.jiakebull.picture.background
  • com.fruit.autocut.photo
  • com.huankuai.autocut.picture

Do you tend to use photo editors from obscure developers on Android, or do you only use paid apps from trustworthy vendors? Let us know in the comments down below, or on our socials, on Facebook and Twitter.

REVIEW OVERVIEW

Recent Articles

Amazon Prime Video Finally Gets Support for Multiple Profiles – Already Rolling Out in the USA & Around the World!

Prime Video now supports up to six individual profiles, all of which must be linked to one primary Amazon account. You’re free to...

“BlueLeaks” Portal Took Down and Server Seized by the German Police

“BlueLeaks” server located in Germany and seized by the authorities, so the portal is now down. The massive collection of US police...

Additional Evidence Points to the iPhone 12 Coming Without a Power Adapter & EarPods

A 3D concept rendering has surfaced online, showing the insert that will go into this year’s iPhone’s retail box. Once again, we see...

‘Freddie Mac’ Mortgage Loan Company Announces Data Breach

One of ‘Freddie Mac’s’ service vendors was hit by ransomware, and loan applicant data may have been compromised. The data includes sensitive...

HomePod Will Finally Let You Pick a Default App for Music Playback, Podcasts & Audiobooks

The newest HomePod beta software provides an option to set a default app for music playback, podcasts, and audiobooks. It means that HomePod...