The Latest in IT Security

New Android Adware on Google Play More Aggressive than Ever

New Android Adware on Google Play More Aggressive than Ever

has found 10 apps that have been packed full of aggressive adware  to either subscribe users to premium-rated numbers using scareware messages or install additional apps that pack in even more ads.

The apps (including the “What is my ip?” still available on Google Play) were designed to use a different name when installed to give users a hard time identifying and uninstalling them.

Once installed, they create a desktop shortcut named “System Manager.” If someone figures out that one of these apps is responsible for all the browser redirects and scareware messages, he’ll have a hard time finding and uninstalling the app in the Application Manager menu as it hides under the vague new name and not, for instance, “What is my ip?” Less tech-savvy users will be thrown off the scent and the app will remain installed and running indefinitely.

New Android Adware on Google Play More Aggressive than Ever

Probably one reason the apps circumvented Google’s vetting is because the used to redirect users doesn’t actually disseminate malicious .apk files. Its purpose is to redirect browsers – Android’s native browser, Chrome, Firefox, Facebook or even TinyBrowser – to a specially created URL that tosses users around from one ad-displaying website to another.

New Android Adware on Google Play More Aggressive than Ever

For each browser search, clicked URL, or Facebook-opened link, users are redirected to a webpage ( that displays a variety of geolocation-specific ads intended to either scare viewers into subscribing to premium-rated numbers – for an alleged security subscription – or trick them into installing more disguised as system or performance updates.

New Android Adware on Google Play More Aggressive than Ever

These ill-intended apps only require two permissions – Network Communication and System Tools – but can still cause massive headaches and potentially trick users into downloading device-clogging apps and adware.

Although they’re not malicious per se, by broadcasting sensitive information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices.

New Android Adware on Google Play More Aggressive than Ever

Aggressive adware has advanced at a dangerous clip in the past couple of years, moving from in-app advertisements and adware SDKs, to browser redirects and covertly running apps at start-up under seemingly legitimate names.

At the time of writing, some of the apps are still available on Google Play. We detect them as Android.Trojan.HiddenApp.E. We strongly encourage everyone to install a security solution that can detect malware and aggressive adware and keep them off of your Android device.

Samples md5:

f2d57300d5f991dbc965ac092d5f4301 – com.alm.alm
c1d7afa5c4eb0b8e3c0292eadf98771e –
16967bea7d3dcb08c12220925ef6f030 –
cb9d3ff0eea162dd602eefe7b08ded49 – com.est.esteban
dbc99ba3241f943cc9e58870f0e40b34 – com.brer.brer
51bc232de9af3f34a58d824da86a70bc –
996c4a1525729466d87edf85cbbdf5de – com.who.myip.detect
6f37bd3c286440e37103ee8b67aca7d6 –
47b863625a8022399247fc92c4d5d178 – com.esc.escd
e1ccb51569635415e66af16cbdd94ddc – com.esc.escde

This article is based on the technical information provided courtesy of Bitdefender Researcher Alin Barbatei.

Read More

Leave a reply


MONDAY, JUNE 17, 2019

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments

Social Networks