British company researchers Sophos, a developer of solutions for digital security, discovered 15 malicious apps available on the Google Play Store that aimed to infect Android devices with adware. After installation, apps started showing excessive advertising ads. According to a study released last Tuesday (8), the programs reached more than 1.3 million people around the world.
So that the strategy of advertising disclosure was not discontinued by the user, the applications hid the tray icons themselves, making it difficult to uninstall. Some of them disguised themselves on the Android settings page, using names and icons similar to system services, confusing the user.
Fake apps with advertisements have been downloaded by eight million users
Malicious apps generated ads and hid so they wouldn’t be uninstalled on Android – Photo: Playback / Sophos
Want to buy cell phones, TV and other discounted products? Discover Compare dnetc
Most apps were featured on the Play Store as image editors, QR Code readers, phone locators, or device backup and cleaning utilities. According to the report, Google was notified by Sophos in July, and the apps have already been removed from the store. Below are the names of the 15 malicious applications:
- Flash On Calls & Messages
- Read QR Code
- Imagine Magic
- Generate Elves
- QR Artifact
- Find Your Phone: Whistle
- Scavenger — speed guard
- Auto Cut Out Pro
- Background Cut Out
- Photo Background
- Background Cut Out New
- Auto Cut Out
- Auto Cut Out 2019
One of the apps started to act criminally right after installation. An error alert displayed the message «This application is incompatible with the device«, then displaying the Google Maps page on the Play Store, leading the user to believe that the map application would be causing an inconsistency. Then the program was hidden from the app tray and started showing ads. Some of them started the display of adware only after a certain time after installation.
To disguise themselves between system apps and mislead users, apps took on false names like «Google Play Store», «Update», «Backup» or «Time Zone Service», also displaying icons similar to those of original Android services .
Apps took names of Android system services to confuse users – Photo: Playback / Sophos
The apps were added to the Play Store between January and April this year. Although they were marketed by different accounts, some of them had similar code structure, interface, package names and behavior. Still, it is not possible to say that the same person or group is responsible for all of them.
If you downloaded one of the apps, the recommendation is to uninstall it immediately. If it is not visible in the app tray, go to «Settings» and go to «Apps and notifications». Recently opened applications will appear in this list, allowing deletion.
If you don’t see the suspicious icon on the screen, try to view it in the settings of Android apps. When you find a suspicious app, open the item and tap «Force Stop». If it is a standard system application, it will have the option «Disable», but if it is an external app, it will show «Uninstall». If the latter option appears, remove it immediately.
Before downloading apps from stores, you should be aware of reviews by other users. All the apps mentioned above were heavily criticized in the comments because of the adware. Also give preference to services that you have heard about and that have a good reputation. In addition, it is not recommended to be one of the first users to try the apps. Finally, it is always valid to keep antivirus software installed on your device – see the best options for Android in 2019.
How to remove viruses on an Android phone