Google Android malware has been under the limelight frequently over the last few weeks. Security researchers at Trend Micro have revealed that the Google Play Store hosted 85 apps ridden with adware. What is worse is that these apps have netted more than 8 million downloads.
The adware-ridden apps were posing as legitimate services aiming at gaming or photography. You can find a list of the apps here.
Adware is malware that hides on your device and serves you undesired advertisements. But the adware discovered by Trend Micro isn’t quite what you’d expect, according to the researchers.
Aside from showing advertisements that are tough to close, it employs “unique techniques to evade detection through user behaviour and time-based triggers,” according to Ecular Xu, the mobile threat response engineer at Trend Micro.
Given the prevalence of adware on Play store, it’s important to validate the reviews of unfamiliar apps; these apps in particular racked up several one-star scores, with users pointing out the problems they’ve witnessed. That said, we’ve even seen cases of adware being pre-installed on Android phones, though that’s generally on phones not certified by Google.
The malicious apps hide their icon and create a shortcut on your phone’s home screen around 30 minutes after they are installed. This stops them from being uninstalled by simply dragging and dropping the icon to the “uninstall” section.
The adware apps use “Java reflection”–which allows the app’s runtime behavior to be inspected or modified–to remain hidden.
Meanwhile, to display unwanted advertisements, the app registers a broadcast receiver to check if the user has unlocked the device. Once conditions are met, the ads are displayed on a full screen. Users have to watch the entire ad before they can close it or go back to the app itself.