Android adware infected more than 15 millions users via Play store

Security experts at Avast have discovered three malicious Android apps that were serving Adware, more than 15 million users infected via Play store.

Adware is one of the most insidious threat to the mobile platform, this family of malicious code is used by threat actors to automatically display or downloads advertising material when a user is online. Adware represents a serious threat to the user privacy because some ad networks collect a huge quantity of personal information, including email address and phone numbers, data that could be sold in the underground or used for targeted attacks.

Security researchers at Avast, have discovered a new strain of adware on the official Google Play Store, and for this reason have infected millions of Android users.

The experts have pointed out three popular gaming apps deployed on the Google Play Store that were used to infect with the “adware” the unaware users.

The three malicious Android app are:

“Durak” card game app
“IQ Test” app”
“Russian History” app.

The three apps were offered for free in the Play Store and apparently they have been published by different developers, impressive the number of download they reached, the Durak card game app alone has 5 to 10 million installs, total of the three apps have achieved more than 15 Million installs. Once the victims have installed the malicious app on their mobile device, with the passage of time, users can see abnormal behavior and a degradation of the performance of the smartphone, which begins to provide reports of problems and the presence of alleged infections.

“Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value. An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?” reads a blog post published by Avast.

Users could be redirected to malicious content managed by threat actors that could be used for financial scams (i.e. Sign up for a premium SMS service that user has no quested, installation of unwanted app).

In the specific case, users have been redirected to the Google Play store pages for legitimate security applications in order to restore normal operations of the smartphone.

“This kind of threat can be considered good social engineering,” states Avast.

Google has already removed the malicious Android apps from its Google Play store, of course the company banned the developers.

Pierluigi Paganini

(Security Affairs – adware, Google Play store)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.