Another Play Store Infiltration – Adware/Spyware Families Spreading through Various Apps

Android users around the world have had one problem with their devices – The lack of security. Let’s face it: Most Android devices are top-notch, but the ability to download anything from anywhere has its risks despite the convenience. Unfortunately, unknown sources are no longer the only threat, as even Google Play can slip up, especially in this recent campaign where adware and spyware are being distributed on the platform.

Spyware and adware are constant visitors to Google Play’s library. However, the infected applications don’t always gain popularity among users. This time around, they did, as they harnessed over 2 million downloads.

These applications are dangerous, particularly due to the fact that they inject a user’s device with FakeApp, Joker, and the HiddenAds malware families. What do we know about this campaign? Scroll down a bit further to learn more.

Apps with Two Million Downloads – Play Store Does it Again

As we mentioned, Android users are always susceptible to malware injections as they can download any kind of software from any source available.

Unlike iOS users, those who operate Android devices are not limited to what their App Store has to offer. While that provides convenience in so many ways, it also opens up a lot of malicious possibilities.

Unfortunately, recurring incidents showed that unknown sources aren’t the only risk out there for Android users. Google Play Store itself can also be susceptible to malware infiltration.

In fact, a while ago, the Android app library was hosting various applications that had a dangerous banking trojan called Anatsa.

Another example would be Play Store’s spyware hosting through other applications. That one was none other than DONOT, which made itself available through a “Chat” app and a VPN client.

This time around, applications with over 2 million downloads were made available on Google Play, hosting  ‘FakeApp,’ ‘Joker,’ and the ‘HiddenAds’ malware families:

• Super Skibydi Killer – 1,000,000 downloads
• Agent Shooter – 500,000 downloads
• Rainbow Stretch – 50,000 downloads
• Rubber Punch 3D – 500,000 downloads

According to Dr Web’s report, these applications have a well-crafted hiding mechanism. When the users install them, they masquerade their icons as Google Chrome.

Not only that, but some of them can also create a transparent icon page, creating an empty space on the app screen.

As most adware-infected apps, these ones will run in the background without the users’ knowledge or consent. Over time, they’ll start launching ads through the browser and generate revenue for the operators.

Several other apps hosted the FakeApp malware, which directs users to investment scam sites. It doesn’t end here – even game applications loaded online casino websites, which clearly violates Google Play policies. 

Another Google Play Incident

When you want to download an app, make sure you check the reviews first. If that goes well, there are also other steps to make sure it’s not malicious.

The most important thing to look out for is the “Permissions” it asks you to grant it. Some permissions don’t make sense, considering the app’s functionality, so this should be a red flag.

Be careful. Android devices are excellent and all, but malware finds its way to them easily. Stay Safe.