A group of specialists has reported detecting a lot of malicious apps available on Google Play that include adware, proving that it is not impossible to dodge security controls in the world’s largest app store.
The applications in question have been downloaded by about 8 million users, and are loaded from the adware variant known as HiddenAds, as mentioned by experts from Next Gov.
The developers created simple games or tools of supposed utility for device security, although Emma McGowan, Avast researcher, mentions that these apps exist only to show intrusive ads to the user, even when outside the app.
In the cases analyzed, the applications attracted users by promising them implausible functions, although it is worth saying that everything is a hoax.
According to McGowan, apps also have tactics to prevent users from uninstalling them, such as the ability to hide their own icon. This is a tactic similar to that some adware campaigns have shown above, including some alleged photo download apps available on Google Play until recently.
Users of some apps detected in a previous campaign mentioned that they learned about these apps through some videos on YouTube, an indicator of the growing tendency of adware developers to use social media channels to distribute their malicious products.
Last September, researchers observed the spread of adware via the popular TikTok video platform: “The popularity of these social networks makes them an attractive advertising platform, even for cybercriminals,” McGowan adds.
Despite Google’s efforts, detecting malicious apps on Google Play remains a problem for the company. In early 2019, Google reported the removal of 17,000 Android apps potentially infected with adware, malware and even spyware. The developers of these malicious tools have already been expelled from the platform.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.