Adware found in Google Play apps infects millions of Android users

Malware on Android is nothing new, but this time adware has made its way onto Google Play, with approximately 10 million downloads. Avast researchers have identified three apps that might have millions of downloads. The apps identified are the “Durak card game” app, the “IQ Test” app and the “Russian History” app, from three different developers, all performing the same adware installation.

The Durak card game app alone has 5 to 10 million installs, and the three apps combined have more than 15 million installs, according to the data on the Google Play Store.

The scareware tricks users into installing an app with the warning message “WARNING!! YOUR DEVICE IS INFECTED”.
Once the app is installed on a user's Android phone, it displays adware (ads) disguised as warning messages whenever the user uses the smartphone, according to the Avast blog post.

“When you install Durak, it seems to be a completely normal and well working gaming app,” says Avast researcher Filip Chytry. “This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device.”

The researcher saw different kinds of behavior, one of which was prominent. After 30 days, users saw a sudden increase in the frequency of ads appearing on the infected Android smartphone. Every time users unlocked their device, they would see ads that often said their phone was infected or needed an update. If the user chose to approve the message, they were either signed up for premium SMS or directed to install apps that collect user information.

Surprisingly, some ads even pointed to legitimate security websites or Google Play, which hints at social engineering. In either case, the malicious app was one of a kind, and the three apps combined had approximately 15 million downloads, of which Durak had around 10 million.