Cybersecurity researchers at Dr.Web have uncovered a group of Android apps that were silently subscribing users to premium services while bombarding them with ads. These trojan apps were discovered on Google’s official Play Store and had been collectively downloaded approximately two million times.
Disguised as games, messaging apps, and wallpaper apps, among others, these malicious apps predominantly distributed three well-known malware families: FakeApp, Joker, and HiddenAds.
Upon installation, the apps would immediately change their icons to something that users would hesitate to remove, such as the Chrome browser. In some cases, the trojans would remove their icons completely, leaving what looks like an empty space in the app drawer.
Once active in the background, the apps would deliver ads to the victims through their browsers, generating significant profits for the developers. These ads included prohibited content such as casino websites and fake investments, violating Google’s policies.
The most concerning app that managed to slip past Google’s defenses and make its way into the Play Store was Super Skibydi Killer, a game app that had already amassed one million downloads. Other notable malicious apps included Agent Shooter (500,000 downloads), Rubber Punch 3D (500,000 downloads), and Rainbow Stretch (50,000 downloads).
Additionally, some of the apps secretly subscribed victims to premium services without their knowledge. Examples of such apps were Love Emoji Messenger (Korsinka Vimoipan) with 50,000 downloads and Beauty Wallpaper HD (fm0989184) with 1,000 downloads.
While Google has promptly removed all of these apps from the Play Store, those who had already downloaded them remain at risk unless they remove the apps from their devices. Users who suspect a compromise should also look out for apps like Eternal Maze (Yana Pospyelova), Jungle Jewels (Vaibhav Wable), Stellar Secrets (Pepperstocks), Fire Fruits (Sandr Sevill), Cowboy’s Frontier (Precipice Game Studios), and Enchanted Elixir (Acomadyi).
For more information on this topic, the original article can be found on BleepingComputer.
