Feb 3rd, 2015

Google Play Android adware

We’re sure many of you have seen it before. You’re messing around with an app when, out of nowhere, you see a full-screen ad or find yourself automatically redirected to some random application/game from the Google Play Store. Other times, you’ll be taken to a website telling you that your phone is running slow, infected with viruses, kiddie porn, or any variation of scary phrases but always offering the same solution: downloading some app off the internet to fix it.

Oftentimes, these webpages disguise themselves to closely resemble the Android OS or mimic the Google Play Store, attempting to lure in unsuspecting or naive Android users with promises of software updates or other applications looking to “help.” The crazy part? According to security researchers from Avast (the antivirus people), this adware isn’t coming from some pirated app downloaded off the dark side of the internet — it’s coming from apps downloaded from the Google Play Store.

In a new report, researchers have identified a variety of popular Android apps and games available on the Google Play Store — some downloaded over a million times — that are said to be infecting our Android devices with this annoying type of adware. Some of the offending applications found on Google Play include:

The apps are pretty smart about how they go about spamming your device with ads, too. Upon install, the apps work as advertised, providing users with a fully functional (free) game. This is why many of these apps have solid 4 to 5-star review ratings in the Play Store. But the really sneaky ones can wait upwards of 30 days before going balls-to-the-walls with ads. This is done so that the user will suspect some other app or game recently installed was the culprit. Because of the way the ads work, applications like Add-on Detector aren’t flagging the offending apps. In fact, many of the antivirus applications in the Google Play Store aren’t able to flag this type of adware.

Maybe that’s why, in some cases, the adware redirects to a legitimate antivirus app in the Google Play Store. We don’t believe these companies are the ones behind the adware (I’ve been redirected to Clash of Clans on more than a few occasions); instead, they are paying for what they believed was an ad from a fully legitimate mobile ad company, possibly even forking out money for every click/redirect to their app in the Play Store. This is why you can be browsing a well-known, safe website on Chrome for Android when a redirect occurs (a solution to this problem can be found here), an issue we suspect could have something to do with a rogue advertiser on Google’s mobile ads network.

Of course, Avast was more than happy to take the opportunity to suggest Avast Mobile Premium, which has the ability to detect adware-infected apps and games like these. We’ve reached out to Google for comment, and at the time of this writing, the infected apps still remain on Google Play.

Have any of you noticed aggressive ads like this randomly appearing on your (or a loved one’s) Android device?
