In a concerning revelation, cybersecurity researchers from Dr.Web have unearthed a cluster of Android apps on Google’s official Play Store that were not only bombarding users with unwanted ads but also surreptitiously enrolling them in premium services, all without their consent.
The researchers have reported that these insidious trojan apps, camouflaged as games, messengers, and wallpaper apps, were collectively installed approximately two million times, highlighting the extent of the issue.
These trojan apps primarily disseminated three well-known malware families – FakeApp, Joker, and HiddenAds. Once installed, they immediately underwent icon metamorphosis on the user’s device, often masquerading as innocuous apps like the Chrome browser. In more deceptive instances, these apps would completely vanish from the app drawer, giving users the impression of an empty space.