In a concerning revelation, cybersecurity researchers from Dr.Web have unearthed a cluster of Android apps on Google’s official Play Store that were not only bombarding users with unwanted ads but also surreptitiously enrolling them in premium services, all without their consent.
The researchers have reported that these insidious trojan apps, camouflaged as games, messengers, and wallpaper apps, were collectively installed approximately two million times, highlighting the extent of the issue.
These trojan apps primarily disseminated three well-known malware families – FakeApp, Joker, and HiddenAds. Once installed, they immediately underwent icon metamorphosis on the user’s device, often masquerading as innocuous apps like the Chrome browser. In more deceptive instances, these apps would completely vanish from the app drawer, giving users the impression of an empty space.
Once in the background, these trojans would covertly serve ads to victims through their web browsers, a strategy designed to yield substantial profits for the unscrupulous developers. Notably, the ads displayed included content such as casino websites and fake investment schemes, all in flagrant violation of Google’s policies.
The most notorious among these trojans that successfully evaded Google’s defenses and infiltrated the Play Store is “Super Skibydi Killer,” a gaming app with a staggering one million downloads. Other notable culprits include “Agent Shooter” (500,000 downloads), “Rubber Punch 3D” (500,000 downloads), and “Rainbow Stretch” (50,000 downloads).
In addition to the ad fraud, some of these apps would silently subscribe users to premium services without their knowledge. “Love Emoji Messenger” (Korsinka Vimoipan) with 50,000 downloads and “Beauty Wallpaper HD” (fm0989184) with 1,000 downloads are among such malicious apps.
While Google acted swiftly to remove all these apps from the Play Store, it’s essential to note that this action safeguards future potential victims. Users who have already downloaded these apps should immediately remove them from their devices to ensure their safety. If you suspect your device may have been compromised, be on the lookout for the following suspicious apps:
- Eternal Maze (Yana Pospyelova)
- Jungle Jewels (Vaibhav Wable)
- Stellar Secrets (Pepperstocks)
- Fire Fruits (Sandr Sevill)
- Cowboy’s Frontier (Precipice Game Studios)
- Enchanted Elixir (Acomadyi)
Vigilance and regular app reviews are crucial in safeguarding your mobile devices from such stealthy threats.