Next time you’re thinking about downloading a new app — especially if it’s a freebie from the Google Play Store — ask yourself: Is this worth getting hacked over?
If that sounds overly cautious, look at new findings published Monday by Trend Micro, which provide the latest evidence that the Play Store is littered with programs that aim to leverage unwitting users’ devices for their own purposes. The problem of malicious apps isn’t new, but the urgency to solve the problem is growing as web users increasingly connect to the internet with only their phone, and scammers’ techniques evolve.
Researchers from the Japanese security giant found 182 gaming and camera-related apps, which collectively had been downloaded more than 9.3 million times, that came loaded with malicious software that exploited victims’ phones to boost advertising revenue. This discovery comes less than a week after Symantec and Wandera unveiled other Android apps meant to do almost exactly the same thing: trick users into downloading their program, then flood them with ads.
Of the 182 apps found by Trend Micro, 111 existed on the Google Play Store — the primary place where Android device users download apps — while the remainder were accessible on third-party marketplaces. All of them served deceptive ads, meaning the popups were difficult to escape, took over the entire screen, ran in the background, ran duplicate ads, or continued to appear after the user tried to escape the cycle.
“Based on the apps’ behaviors, we generated heuristic patterns that we used to analyze other samples that we have detected,” researchers said in a blog post. “After analysis of the apps’ package names, labels, publishing times, offline times, code structures, and code styles and features, we deduced that the adware campaign has been active since 2018 and that the apps are from the same adware campaign despite their having been submitted by different developers.”
Malicious apps are able to subvert the Google Play Store’s security controls in a number of ways. Scammers can encrypt the malicious components of their app, rendering the hacking or adware tools invisible to the Play Store’s safety checks. They also can set the malicious activity to a time delay, so it’s not activated until the app is on the store or on a victim’s phone, or avoid including anything nefarious in the app at all, and only direct users to malicious content later.