Google has removed several malicious Android apps from the Play Store after multiple reports stated the programs were overloading user devices.
Google identified more than thirty apps as a threat. The apps flooded users with intrusive advertisements and randomly occurring redirects.
A single cybercriminal group reportedly developed all the apps. The group used them to get its services into the Google Play Store, tinkering with the functions inside the programs so that they could sneak past Google's anti-adware protection.
Most Of The Malicious Apps Were Beauty Apps
The security firm known as White Ops identified the ad-spamming apps. White Ops reported their findings to Google so that the apps could be taken off the Play Store.
According to the White Ops report, the majority of the malicious apps were related to beauty or filter packages. These included selfie apps and apps advertised as applying filters over the user's pictures.
Once a user downloaded and installed any of the apps, they were barraged with random ads and redirected to random websites. The apps hid their icons to stay out of sight of users who didn't know another way to uninstall them.
Most of the apps seemed to be versions of other services, but the cybercriminals modified or amended them. These other services didn't get much attention from Play Store users until the anti-adware code was removed.
Initially, Google accepted a lot of malicious apps into the Play Store. It took only two weeks, however, for Google to find out that these apps were malicious, and it removed them promptly.
Although the apps lasted only two weeks on the Play Store, White Ops found that more than half a million users downloaded them overall.
How The Malicious Apps Got Past Google's Security Measures
The cybercriminals wanted to get their apps back in the Play Store, so they attempted to trick Google using a variety of techniques. Most of them involved getting rid of the malicious code in its entirety. The lack of malicious code tricked Google's Play Store into accepting these apps.
Soon afterward, however, the apps would be updated with the malicious code put back in, which resumed the intrusive ads and random redirects.
Another technique they applied was inserting Arabic characters, which included Quran verses, instead of English in the source code of the apps. This technique disguised the malicious features, which then got through into the Play Store.
Google has removed all the malicious apps, and they stated that they will beef up their security on suspicious apps like the ones that White Ops found.
The Satori #threatintel team offers a look at BeautyFraud, a mobile #adfraud scheme that amassed more than 20 million downloads across 38 apps: https://t.co/8YGXitd8g1 — White Ops (@WhiteOps) June 9, 2020