New Ad Malware in Play Store

Software company Symantec has revealed three malicious Android apps that click on ads without their users' knowledge while fooling security scanners. After the revelation, Google removed those apps from the Play Store.

All three apps are related to battery improvement, mimicking the likes of Battery Doctor and Clean Master, the two most popular Android apps for improving a phone's battery life.

Two of the apps, Fast Charge 2017 and Fast Charger X3 Free, have been downloaded between 10,000 and 50,000 times in North America. The third, Clear Master Boost and Clean, has been downloaded between 5,000 and 10,000 times. All three used delayed attacks, self-naming tricks, and an attack list dictated by a command-and-control server to prevent users from learning their real purpose or stopping them from earning their creators more money. Given their popularity, how difficult they are to stop, and their ability to receive new targets from central servers, the apps could earn their operators a pretty penny.

“By triggering malicious behaviour on a delay, malware can trick victims into blaming subsequently installed apps for strange behaviour they’re observing,” Symantec researcher Shaun Aimoto said. “This mechanism also thwarts attempts by AV programs using dynamic analysis because the delay often leads to dynamic analysis exiting before it detects the threat.”

Symantec found that these apps used one name on the home screen while hiding under a different process name. For example, ‘Fast Charger’ hid under the process name ‘android’, and once the app hides by deleting itself from the launcher, all that’s left is a process called ‘android’. The fake apps wait for hours after being installed and, once the timer ends, request from their command-and-control (C&C) server a list of ads or apps to show or install on the contaminated device.

Another trick used by these apps is self-renaming. For example, the apps titled Fast Charger would rename their process to “android.” Users inspecting the Settings/Apps section of their phone would have no idea which of the 2-3 services titled “android” is the real OS, and would most likely leave them alone for fear of crashing their phone.
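A defender-side check for the name mismatch described above, as an added example that is not taken from Symantec's report: it flags third-party apps whose process name falls outside their own package namespace or imitates an OS name. The package names, record fields and reserved-name list are assumptions, and the inventory is constructed.

```python
from dataclasses import dataclass

# Names a third-party app has no business using as its process name
# (assumed list for this example; extend it for your own fleet).
RESERVED_NAMES = {"android", "system", "system_server"}

@dataclass
class AppRecord:
    package: str       # application id (constructed values below)
    label: str         # name shown on the home screen
    process: str       # name shown in the running-process list
    system_app: bool   # True if the app ships in the system image
    in_launcher: bool  # False if the app has removed its launcher icon

def normalise(name):
    """Fold case and simple look-alike digits before comparing names."""
    return name.strip().lower().replace("0", "o").replace("1", "l")

def findings(app):
    """Return the reasons a record matches the masquerade pattern."""
    reasons = []
    if app.system_app:
        return reasons
    own = app.process == app.package or app.process.startswith(app.package + ":")
    if not own:
        reasons.append("process name outside package namespace")
    if normalise(app.process) in RESERVED_NAMES:
        reasons.append("process name imitates the OS")
    if reasons and not app.in_launcher:
        reasons.append("no launcher icon")
    return reasons

def triage(inventory):
    """Map each suspicious package to its list of reasons."""
    return {a.package: r for a in inventory if (r := findings(a))}

# Constructed sample inventory, not data from the Symantec report.
INVENTORY = [
    AppRecord("android", "Android System", "system", True, False),
    AppRecord("com.example.mail", "Mail", "com.example.mail:sync", False, True),
    AppRecord("com.example.fastcharger", "Fast Charger", "android", False, False),
    AppRecord("com.example.cleaner", "Cleaner", "Andr0id", False, True),
]

if __name__ == "__main__":
    for pkg, reasons in triage(INVENTORY).items():
        print(pkg, "->", "; ".join(reasons))
```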

Ad-focused schemes can be quite lucrative. These apps are an easy way for someone to make a buck. And, unlike other Android malware, these apps didn’t pose as a popular game or use a third-party marketplace to do it.

To avoid becoming a victim of such malware, Symantec suggests keeping your software up to date and downloading apps only from trusted sources, not from unfamiliar sites. Users should pay close attention to the permissions requested by apps, a habit that is uncommon among people. The software giant also suggests installing a suitable mobile security app, such as Norton, to protect your device and data, and making frequent backups of important data.
