The Google Play Store which offers many popular Android apps has been under scrutiny lately. Several apps that have been downloaded by millions of users have been infected with malware and other malicious code. Researchers at Symantec have discovered two such apps that have been deploying some clever but unethical methods to stealthily earn revenue from unsuspecting Android smartphone users. What’s even more concerning is the fact that these compromised apps are reportedly still present on the Google Play Store, which means Android mobile phone users or victims can still download and use them.
Two Popular Android Apps Harbor Code Automating Ad Revenue Generation:
New research from Symantec has revealed that cybercriminals are using apps to auto-click on mobile ads to generate profit. It appears the apps skillfully hijack Android smartphones and use them to generate ad-clicks. These ads not only generate revenue but may even lead to malicious websites, all without the user’s consent. What’s even more concerning is that the victims remain completely unaware that their Android devices are being transformed into bots that keep on clicking on ads throughout the day.
Researchers at Symantec have so far identified two apps which have been hijacked. In other words, the company has identified two compromised apps, but there could be several more. These apps have so far been downloaded more than 1.5 million times. According to the researchers, cybercriminals may have successfully inserted their codes within the apps for more than a year.
— Times of India (@timesofindia) August 30, 2019
The malicious apps come from a developer called Idea Master. While one is a simple yet highly popular Notepad app called Idea Note: OCR Text Scanner, GTD, Color Notes, the other is completely unrelated fitness app called Beauty Fitness: daily workout, best HIIT coach. Researchers discovered the apps utilize embedded advertisements. These ads are typically placed strategically beyond the normal viewable area of the mobile device’s screen area. In other words, these ads are deployed in areas that aren’t easily visible to general users. The hidden code within the apps keeps on clicking on ads to generate revenue. In other words, a completely obscured automated ad-click process stealthily generates revenue for the criminals.
Since the ads aren’t easily visible, users have no way of knowing that their devices have become ad bots. However, several users affected by the apps may see their device’s battery draining far faster than usual. Additionally, since the process continually fetches ads and clicks on the same, the performance of the Android smartphone significantly degrades. The most obvious sign of malware is significantly increased consumption of data usage. Several affected users noticed unusually higher mobile data bills.
Needless to add, Symantec has urged Android smartphone users to immediately uninstall these affected apps. Moreover, affected users must also leave a feedback warning potential victims about the hidden dangers. This is because the two apps are still reportedly present on the Play Store.
Where there is a will, there is a way. These devs show that some ingenuity can mean apps that people will use and earn the devs more money by being sneaking in loading and auto-clicking ads. https://t.co/ycfDwVSWfG
— Jimmy T. (@TecSecOps) August 29, 2019
[Update] It appears Google has taken note of the affected Apps and has taken them down. Nonetheless, owing to an unusual increase of such attempts, it is important that Android smartphone users remain vigilant.