DatCom Blog

Infected Applications Removed from Google Play Store

Infected Applications Removed from Google Play Store

We all download apps. There are literally millions of apps to choose from and sometimes nefarious developers can get their application published with ulterior motives. A situation has just happened as Google has removed twenty-two apps that were found to contain automated click-fraud scripts from the Google Play Store. We’ll take a short look at what these developers were up to, and how the fraudster would affect you if you were one of the two million users that happened to download these apps.

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controller server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as from coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit, include:

  • Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
  • Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
  • Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
  • Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so worrying whether or not you’ve downloaded one that will put your data at risk shouldn’t be too worrisome as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call DatCom today at 903-842-2220.

An IT Christmas Carol
Tip of the Week: Locating a Misplaced Smartphone


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, January 17 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Network Security Business Computing User Tips Google Hackers Microsoft Tech Term Hosted Solutions Software Backup Malware Internet Business Mobile Devices Data Backup Hardware Data Innovation Smartphones Email Small Business Smartphone Communications Android Business Continuity VoIP Data Recovery Workplace Tips IT Services Computer Router Managed IT Services Cloud Computing Disaster Recovery Ransomware Communication Cybersecurity Browser Alert Windows 10 Outsourced IT Chrome Cybercrime Law Enforcement Windows 10 Artificial Intelligence Productivity Network IT Support Office 365 Server Internet of Things Business Management Money Collaboration Efficiency Windows Computers How To Password Miscellaneous Applications Information Holiday Gadgets Spam BDR Managed IT Services Saving Money Wi-Fi Social Media Telephone Systems Productivity Word Facebook Virtualization Mobile Device Passwords Office Flexibility Apps Vulnerability Two-factor Authentication Connectivity Managed Service Data Protection Operating System Mobility Settings Government App Mobile Device Management Avoiding Downtime Social Engineering Work/Life Balance Phishing Quick Tips Data Security Microsoft Office Keyboard Save Money Voice over Internet Protocol BYOD Upgrade Private Cloud Botnet VPN Paperless Office End of Support Remote Computing Telephony Business Intelligence Unsupported Software Windows 7 Managed IT Fraud Access Control Update Public Cloud Machine Learning Office Tips Virtual Assistant CES Data Storage Bring Your Own Device Telephone System OneNote Data Management Redundancy Content Management Employer-Employee Relationship IT Management Data Breach Legal Google Docs Software as a Service Sports Automation Comparison Blockchain HaaS Google Drive Bandwidth Spam Blocking Website Identity Theft Infrastructure Entertainment Encryption Health Networking Human Resources IT Plan Scam Remote Monitoring Servers Password Manager Electronic Medical Records Root Cause Analysis Title II Value Search Engine Virtual Reality HBO Safe Mode IBM FENG Staff Experience Cache Charger Warranty Conferencing Wireless Charging iPhone Techology Hacking HIPAA Wiring Marketing IT Consultant Cast HVAC Vendor Outlook Business Mangement Online Accountants Bing Worker Commute Supercomputer Internet exploMicrosoft Scalability Skype Millennials Wireless Internet Cleaning Printer Battery Emails Software Tips Cortana Automobile Solid State Drive Flash Multi-Factor Security Budget Devices Unified Threat Management Wireless Black Market Leadership Amazon Authentication Enterprise Content Management Display Frequently Asked Questions WiFi Gmail Hiring/Firing MSP Users Hybrid Cloud Search Meetings Telecommuting YouTube Help Desk Content Start Menu Workforce Digital Signature Music Wire Computer Care Mouse Education Travel Google Apps Audit Trending Thought Leadership Mobile Computing Amazon Web Services Nanotechnology Password Management Security Cameras Document Management Excel Recycling Risk Management File Sharing Information Technology How to Remote Work Practices Firewall Company Culture Workers Audiobook Tools Net Neutrality PDF Wearable Technology Administrator Computing Infrastructure Physical Security Video Games Computer Fan Sync Training Camera Online Shopping Smart Tech Patch Management NIST Hacker Best Practice Tip of the week eWaste Politics Augmented Reality Recovery Knowledge Data loss Hosted Computing Managing Stress Shortcuts Current Events Advertising Instant Messaging Downtime FCC USB Smart Office Samsung Microchip History Netflix Internet Exlporer The Internet of Things Specifications Addiction IT Support webinar Evernote Cryptocurrency Windows 10s Windows Server 2008 Criminal Remote Worker Network Congestion Screen Mirroring Credit Cards Inventory Big Data Social Apple Troubleshooting Transportation Wireless Technology Books Public Computer Loyalty Safety Benefits Managed Service Provider Worker Business Owner Hosted Solution SaaS Smart Technology Webinar Rootkit Emergency Employer Employee Relationship Two Factor Authentication Compliance CrashOverride IT solutions Twitter Save Time Computer Accessories Content Filtering Assessment Regulation Smartwatch Vendor Management Printers Bluetooth Shadow IT Television