Millions of Android users have been tricked into downloading adware-laden apps posing as photo-editing apps and games. The security firm Trend Micro said it found 85 individual apps which have been downloaded more than eight million times from Google Play — all of which have since been removed from the app store.
Trend Micro provided a list of the apps — including Super Selfie Camera, Cos Camera, Pop Camera, and One Stroke Line Puzzle — all of which had a million downloads each. Most of these apps had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.
The security firm researchers found that the apps would hide their icon about 30 minutes after being installed and create a shortcut on the phone’s home screen. This prevented the apps from being uninstalled by dragging and dropping the icon to the Uninstall section.
To evade detection, the app uses Java reflection — which enables the runtime behaviours of an application to be inspected or modified, explained the security firm.
The adware apps used to run on a user’s device and silently serve and click ads in the background to generate ad revenue. And all of this used to happen without the knowledge of the user. Apart from that, the apps also showed full-screen ads once it verified that the device has been unlocked.
Users could not close the app unless they have viewed the whole duration of the ad. Trend Micro said, “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”
Fraudsters can also remotely configure how often the ads are displayed on affected devices, allowing ads to be displayed more frequently than the default five-minute intervals. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.