- Wandera discovers another set of malicious apps on the Play Store, all of which are adware-fetchers.
- The apps wait for 10 minutes before they wreak havoc, not stopping even when the screen is off.
- Victims waste their mobile internet data, CPU resources, and precious battery juice – while creating a possibility for very dangerous attacks.
Wandera researchers warn us about seven apps that are available on the Google Play Store, and which contain a dropper. These apps are configured to fetch APKs (Android packages) from a GitHub repository, which are almost always adware. This obviously violates multiple terms and policies of the Google Play Store, can lead to fraudulent data charges for the victims, drain the device’s battery, and cause performance slowdowns. The dropper apps that you should uninstall immediately are the following:
- Magnifying Glass by PumpApp
- Super Bright LED Flashlight by PumpApp
- Magnifier, Magnifying Glass with Flashlight by LizotMitis
- Super-bright Flashlight by LizotMitis
- Alarm Clock by iSoft LLC
- Calculator by iSoft LLC
- Free Magnifying Glass by iSoftLLC
The above apps are downloading more apps from the aforementioned GitHub repository, which are calculators, flashlights, bass boosters, etc. All of them are basically adware, so if something that you haven’t installed yourself appears on the app drawer, it means that you have blundered in a previous step. In this case, scrutinize your recent installations and remove the applications that could be the culprit. After all, magnifying apps are just using your camera’s zoom, and your LED can’t get any brighter than it already is by default, so you practically don’t need any of the apps listed above.
The adware that is installed by the dropper apps waits for 10 minutes before it begins serving full-screen, overlaying, intrusive advertisements. The video ads aren’t even accepting any user interaction, so there’s no way to close them. To make things worse, the adware still tries to deliver ads even if the screen is turned off. This means that data consumption, battery consumption, and CPU usage continue to be a problem even when the device is left on standby.
Now, as Wandera points out, the ads may be annoying, but the actor can very easily replace the adware with more dangerous malware samples. Especially now that the campaign has been unveiled, the actors could go all in. Hopefully, they are not prepared for such a step, and the whole situation will gradually deflate now. As we reported earlier today, Google has partnered with ESET, Zimperium, and Lookout to help them detect and stop apps such as these seven droppers from finding their way into the Play Store. The necessity for this was beyond doubt, and this story serves as another book page in a whole library.