Researchers have found that several Android apps on Google Play quietly sneak malicious adware onto devices in ways that make it difficult for users to identify the sources of the problems. The apps had apparently been downloaded by millions of users before the malware was reported, according to a Tuesday blog post by Avast Mobile Malware Analyst Filip Chytry.
The suspicious apps included a card game, an IQ test and a history app. Chytry noted that Avast was alerted to the malware by a January 23 post on its mobile security forum.
Google has now removed the questionable apps from its Play store, according to a Wednesday report on ZDNet. The apps appeared to have targeted both English-speaking and Russian-speaking users, ZDNet noted.
Millions of Downloads
While the forum report about the apps didn't seem like anything spectacular at first, "once I took a closer look it turned out that this malware was a bit bigger than I initially thought," Chytry said.
Because the apps appeared on Google Play, they potentially had a huge target audience, he noted. For instance, the card game app called Durak (which can be translated as "fool" in Russian) had been downloaded and installed between 5 million and 10 million times, according to Google Play.
The malware was insidious because the apps appeared to behave normally for several days, Chytry noted. Over time, however, users began to see pop-ups warning that their devices had been infected or needed to be updated. Those warnings directed users to dubious apps and sites promoting questionable solutions to the devices' problems.
"After a week, you might start to feel there is something wrong with your device," Chytry said. "Some of the apps wait up to 30 days until they show their true colors."
Social Engineering Tricks
We reached out to a spokesperson at Avast, who told us that researchers are continuing to investigate the malware. "Our analysts are currently checking if other apps could have been affected by this," the spokesperson said.
To protect against such malware, users should only download apps from official stores, she said. "We also always recommend users carefully check apps' permissions before downloading them. App permissions should be directly related to the app's functions and any access permissions made by apps that do not seem to support the app would also indicate that the app may be collecting unnecessary personal data," the spokesperson added.
Such malicious adware often succeeds because of the social engineering tricks used, such as persuading people that the advertised solutions to their devices' problems are legitimate, Chytry noted in his blog post.
"Social engineering tactics are favored by malware developers because they require little to no effort on their part, as the user 'willingly' allows the malware to enter their system," the spokesperson explained. "These are growing more sophisticated, especially as malware authors are forced to circumvent Google Play's policies."