Researchers have found another batch of malicious Android applications on Google Play that spam users with annoying full-screen ads and make using their phones difficult.
Trend Micro calls the adware AndroidOS_HidenAd and found it inside 85 apps that masqueraded as game, TV and remote control apps, the most popular of which had been installed more than 5 million times. The apps had more than 9 million downloads combined.
The applications were uploaded to Google Play by different developers but exhibited similar behavior and shared the same code. This shows the lengths to which attackers will go to fool the app store’s scanners.
When an app containing AndroidOS_HidenAd is first launched, it will immediately display a full-screen ad. After the user closes that ad, the app will show a Start button, which, when clicked, will display another ad. When that one is also closed, the app will display multiple buttons, each of which triggers a full-screen ad.
After the initial ads, the app will appear to be loading or buffering content, then disappear from the screen and hide its icon in an attempt to make it more difficult for users to locate and remove it. It will continue to run in the background and display full-screen ads every 15 to 30 minutes.
Some apps also record and then monitor the user’s screen unlock actions and will trigger ads every time the screen gets unlocked.
“While the fake apps can be removed manually via the phone’s app uninstall feature, it can be difficult to get there when full-screen ads show up every 15 or 30 minutes or each time a user unlocks the device’s screen,” the Trend Micro researchers said in their report. “As more and more people become dependent on mobile devices, the need to keep mobile devices safe from a growing number of mobile threats—such as fake apps laced with adware—is all the more pertinent.”
Finding malware or adware apps on Google Play is not a frequent occurrence, but it is not uncommon, either. That’s why users should also pay attention to an app’s ratings and reviews before installing it. Popularity is not always a reliable indicator, as the app with 5 million installations shows, but most of the adware apps, including that one, had 1-star reviews and complaints from users.
Google uses automated scans and executes new apps inside an Android emulator to discover malware or abusive behavior. However, attackers are persistent and find ways to slip through. Adware apps have also been found in the iOS app store, even though Apple has a much more thorough app review process, which includes code analysis.
Adobe Updates Flash, Connect and Digital Editions
In a rare occurrence, Adobe released an update for Flash Player that doesn’t include fixes for security vulnerabilities. However, the company did release patches for important flaws in Adobe Connect and Adobe Digital Editions.
“These updates address feature and performance bugs, and do not include security fixes,” Adobe said in an advisory for the newly released Flash Player 220.127.116.11 version for Windows, Mac and Linux. Still, for some reason, the advisory was tagged as a “security bulletin.”
The update for Adobe Connect, Adobe’s web conferencing software, fixes an important vulnerability, CVE-2018-19718, that can expose session tokens and reveal privileges granted to a session. Users are advised to upgrade to version 10.1.
Adobe Digital Editions, a popular ebook reading application for multiple platforms, was updated to version 4.5.10 to fix an out-of-bounds read bug tracked as CVE-2018-12817 that can lead to information disclosure.