DatCom Blog

Infected Applications Removed from Google Play Store

Infected Applications Removed from Google Play Store

We all download apps. There are literally millions of apps to choose from and sometimes nefarious developers can get their application published with ulterior motives. A situation has just happened as Google has removed twenty-two apps that were found to contain automated click-fraud scripts from the Google Play Store. We’ll take a short look at what these developers were up to, and how the fraudster would affect you if you were one of the two million users that happened to download these apps.

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controller server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as from coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit, include:

  • Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
  • Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
  • Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
  • Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so worrying whether or not you’ve downloaded one that will put your data at risk shouldn’t be too worrisome as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call DatCom today at 903-842-2220.

An IT Christmas Carol
Tip of the Week: Locating a Misplaced Smartphone
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, March 27 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business Computing Hosted Solutions Network Security Google User Tips Hackers Microsoft Productivity Tech Term Malware Internet Software Workplace Tips Backup Hardware Business Mobile Devices Email Innovation Data Backup Communications Data Smartphones VoIP Android Data Recovery Business Continuity Efficiency IT Services Cloud Computing Small Business Smartphone Router Cybersecurity Communication Disaster Recovery Computer Managed IT Services Ransomware Windows 10 Network Windows Cybercrime Browser Business Management Law Enforcement IT Support Windows 10 Chrome Artificial Intelligence Alert Internet of Things Outsourced IT Server How To Gadgets Miscellaneous Applications Computers Password Mobile Device Office 365 Money Collaboration Managed IT Services Wi-Fi Operating System Phishing Word Saving Money Virtualization Social Media Information Holiday Quick Tips Productivity BDR Spam Facebook Passwords Telephone Systems Keyboard Avoiding Downtime Government App Work/Life Balance Data Security Microsoft Office Encryption Save Money BYOD Paperless Office Flexibility Apps Vulnerability Connectivity Voice over Internet Protocol Health Managed Service Mobility Social Engineering Two-factor Authentication Office Settings Private Cloud Mobile Device Management Data Protection IT Management CES Redundancy Employer-Employee Relationship Software as a Service Office Tips Data Management Public Cloud Scam Networking Legal Sports Remote Monitoring Google Drive Content Management Spam Blocking Augmented Reality Google Docs HaaS Net Neutrality Comparison IT Plan Blockchain Cryptocurrency Entertainment Servers Identity Theft Website Bring Your Own Device Infrastructure Botnet Unsupported Software Human Resources Automation Telephony Windows 7 Remote Computing VPN Data Breach Upgrade Managed IT Machine Learning Business Intelligence Virtual Assistant Fraud Access Control Data Storage Bandwidth Update Meetings Telephone System End of Support OneNote Education Password Management iPhone Security Cameras Techology USB Samsung Audit Amazon Authentication Content Thought Leadership Marketing Mobile Computing Current Events Multi-Factor Security Company Culture Telecommuting Excel File Sharing WiFi Gmail Workforce Physical Security Digital Signature Document Management Internet exploMicrosoft Proactive IT Big Data Travel Google Apps Tools How to Administrator Trending Computing Infrastructure NIST Hacker Value Computer Fan Amazon Web Services Sync Nanotechnology Audiobook Camera Wireless Electronic Medical Records Biometric Security Managing Stress Shortcuts Experience Charger Remote Work Tip of the week Practices Video Games Users Hybrid Cloud IBM Knowledge Data loss Recycling Netflix PDF Best Practice Save Time ISP Downtime Workers Recovery Smart Office Microchip HIPAA webinar History Smartwatch The Internet of Things Online Shopping Smart Tech Instant Messaging Addiction Social Cleaning Windows 10s Windows Server 2008 Hosted Computing Remote Worker Information Technology Supercomputer Network Congestion Screen Mirroring eWaste IT Support Budget FCC HBO Cryptomining Root Cause Analysis Search Engine Conferencing Specifications Virtual Reality Safe Mode Employee FENG Evernote Cache Warranty Hiring/Firing HVAC Vendor Music Computer Care Credit Cards Inventory Wiring IT Consultant Cast Criminal Bing Title II Outlook Hacking Advertising Database Password Manager Emails Software Tips Staff Worker Commute Internet Exlporer Digital Signage Firewall Wireless Charging Skype Wireless Internet Printer Risk Management Battery Enterprise Content Management Apple Display Wearable Technology Solid State Drive Flash Scalability Devices Unified Threat Management Leadership YouTube Help Desk Training Online Frequently Asked Questions Accountants Automobile MSP Business Technology Patch Management Business Mangement Black Market Millennials Google Search Cortana Start Menu Search Wire Mouse Politics Safety Vendor Management IT solutions Compliance Television CrashOverride Bluetooth Managed Service Provider Troubleshooting Twitter Transportation Regulation Books Public Computer Loyalty Printers Benefits Worker Shadow IT Hosted Solution SaaS Smart Technology Rootkit Wireless Technology Emergency Employer Employee Relationship Two Factor Authentication Webinar Business Owner Content Filtering Assessment Computer Accessories