Japanese IT security company Trend Micro has found Adware-fueled apps on the Google Play Store that were disguised as game, TV, remote control apps, and have reportedly infected millions of users. Detected as AndroidOS_HidenAd, these 85 apps are capable of displaying full-screen ads and monitoring a device’s screen unlocking functionality. Trend Micro says that they keep themselves hidden and run in the mobile device’s background.
“The 85 fake apps, which have been downloaded a total of 9 million times around the world. After verifying our report, Google swiftly suspended the fake apps from the Play store,” Trend Micro said in a blog. The “Easy Universal TV Remote,” which claims to allow users to use their smartphones to control their TV, is the most downloaded among the 85 adware-loaded apps. The app, which has been downloaded more than 5 million times, has received multiple complaints.
Trend Micro claims that it has tested each of the fake apps related to the adware family and discovered that though they come from different makers and even have different APK cert public keys, they exhibit similar behaviours and share the same code. “After the adware is downloaded and launched on a mobile device, a full-screen ad initially pops up,” the IT security company added.
When a user closes the first ad, call to action buttons such as “start,” “open app,” or “next,” as well as a banner ad appear on the user’s mobile device’s screen. When the user taps on these action buttons, another full-screen ad comes up prompting the user to give a five-star rating to the app on Google Play. If a user taps another action button, the app informs the user that it is loading or buffering.
Interestingly, after a few seconds, the app disappears from the user’s screen and hides its icon on the phone but still runs in a device’s background. The adware is configured in such a way that though hidden, a full-screen ad pops up every 15 or 30 minutes on the user’s device. Some of these apps monitor user screen unlocking action and each time a user unlocks the device, it will then trigger a full-screen ad pop up.