The Latest in IT Security

Aggressive Ad Module Scans Android Apps


During our routine patrols of popular marketplaces offering Android applications we recently came across some suspicious applications hosted on the popular Google Play. The applications are distributed as hacking tools, utility tools, and pornographic apps by different developers. Here are images for a few of them:



Suspicious applications on Google Play.

These apps seem to offer no functionality based on their titles, stating “increase Internet speed” and “phone hacking,” for example.

Once installed by the victim, the apps appear to work at first but in fact they simply display screens with interactions that are all fake, using hard-coded or random values generated by the code to seem legitimate. In short, these apps are fake or joke applications.

image4 image5
These fake apps appear to be working on the surface.

Hard-coded PIN in the code.

These apps also bundle several components that relentlessly show advertisements after the user closes the app. In our research, one of the ad modules has an online scanning function, which checks installed apps on the device without the user notification and aggressively displays a purchase screen.

image7 image8
Executed online scan function.

We also confirmed the ad module attempts to download the alleged antimalware application Armor for Android from a remote server.

image9 image10
The “antimalware” application downloaded from a remote server.

As always, users should never install unknown or untrusted software. This is especially true for illegal software, such as cracked applications. They are a favorite vector for malware infection. McAfee Mobile Security detects these suspicious fake apps as Android/FakeBapp.C.

Leave a reply


THURSDAY, MAY 23, 2024

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments