As many as 38 Android apps containing fraudulent advertisements have been discovered in and removed from the Google Play Store.
The malicious apps, discovered by cyber security firm WhiteOps, displayed out-of-context advertisements, redirected users to out-of-context URLs and were difficult to remove once installed.
The WhiteOps study described the apps as “a fraud operation that rendered fraudulent advertising in users’ devices” and said the apps had amassed more than 20 million downloads in total.
The apps masqueraded as beauty apps for taking and editing selfies. In reality, they spammed users with ads, launched websites and removed the app icon from the app listings so it was “nearly impossible” to delete the apps. WhiteOps has posted the full list of the bogus beauty apps online.
The first app was discovered in January 2019, and while several more were published and removed from the Play Store by Google in the months to follow, they gained a large volume of interest from users.
“In the time since that first app was published, the fraudsters published a new app every 11 days on average. And on average, those apps were pulled down from the Play Store 17 days later,” wrote the WhiteOps researchers in their report.
“These numbers tell a story of a cat-and-mouse game, in which the Play Store hunts down the fraudster and keeps them in check by removing fraudulent apps as quickly as they’re discovered,” the report added. “But even with an average of less than three weeks of time on the Play Store, the apps found an audience: the average number of installs for the apps we analyzed was 565,833.”
‘Robust mechanisms to avoid removal’
Within a few months, Google had removed 21 fraudulent apps from the same threat actor. But the cyber crooks simply resorted to updating their methods to publish more apps and make it harder for Google to detect them, bringing the total to 38.
The researchers added: “The fraudster likely developed a more robust mechanism to avoid detection and removal. A batch of 15 apps, all published after September 2019, had a much slower removal rate using those new techniques.”
To identify fraudulent apps, the researchers recommend that Android users ask themselves the following questions:
- Do the reviews talk about ads popping up all the time? Even while the users are on their Android home pages?
- Do the reviews talk about the app disappearing from the app drawer and being unable to uninstall the app?
- Do the reviews have a lot of complaints that the app doesn’t work?
- Does the app publisher have a lot of downloads in a very short amount of time?
- Does the app publisher have any other apps, or is it only this one and it has a large number of downloads?