Google Android malware has been under the spotlight frequently over the last few weeks. Today is no different: Security researchers at Trend Micro have revealed that the Google Play Store hosted 85 app ridden with adware. Worse still, these apps have netted more than 8 million downloads.
The adware-ridden apps were posing as legitimate services focusing on gaming or photography. You can find a list of the apps here.
Adware is malware that hides on your device and serves you unwanted advertisements. But the adware discovered by Trend Micro isn’t quite what you’d expect, according to the researchers.
Aside from showing advertisements that are difficult to close, it employs “unique techniques to evade detection through user behavior and time-based triggers,” according to Ecular Xu, mobile threat response engineer at Trend Micro.
The malicious apps hide their icon and create a shortcut on your phone’s home screen around 30 minutes after they are installed. This stops them from being uninstalled by simply dragging and dropping the icon to the “uninstall” section.
The adware apps use “Java reflection”–which allows the app’s runtime behavior to be inspected or modified–to remain hidden.
Meanwhile, in order to display unwanted advertisements, the app registers a broadcast receiver to check if the user has unlocked the device. Once conditions are met, the ads are displayed on a full screen. Users have to watch the entire the ad before they can close it or go back to app itself.
What to do
Thankfully, the apps are no longer available. After Trend Micro disclosed its findings to Google, the adware-embedded apps were removed from the Play store.
However, for those already affected, Trend Micro has some tips to help lessen the adware’s impact. The researchers point out that the latest Samsung Android devices have a feature that restricts the creation of shortcuts on the home screen, which can help users uninstall it.
If you are already infected, ethical hacker John Opdenakker advises: “Uninstall the malicious app. If that doesn’t help, use adware clean up software–and if all of this doesn’t work, you can do a factory reset.”
This Wintips blog offers some more in-depth advice on how to clean up your Android device.
You’ve heard it before, but it’s important to be cautious when you download apps from the Google Play Store. “Unfortunately, users cannot blindly trust applications on Google Play to be malware-free,” says Opdenakker. “That’s why it’s important to install an antivirus app and be careful about which apps you install.”
This means not installing apps which require excessive permissions. For example, says Opdenakker: “A barcode reader doesn’t need to access your contacts.”
It’s also a good idea to read the app reviews before you install them, just as you would when buying an item on Amazon. “Look up the app name and creator to check whether the app is known to be malicious,” advises Opdenakker.
Independent security researcher Sean Wright agrees: “Read the reviews, especially the negative ones,” he says.
He sees adware-ridden apps such as these as “more of a nuisance than anything else.” However, he warns: “I suspect it won’t be long before these types of apps attempt to do more potentially harmful things such as periodic screenshots, or perhaps even start to encrypt files–effectively making them ransomware.”
Android malware is nothing new. If you keep up to date on specific threats and take steps to avoid them by for example being careful which apps you download, it isn’t impossible to secure your device.