Trend Micro has discovered 85 adware applications in the Google Play Store. The apps, which Google has removed following a report from the company, have already been downloaded more than 8 million times by Android users.

With mobile adware, intrusive advertising has been incorporated into what appear to be innocent apps. This could be, for example, games in which advertisements appear on the user’s device. The advertising revenues then disappear into the pockets of cyber criminals. The adware apps discovered by Trend Micro use a variety of methods to achieve this.

For example, the apps work in a way that bypasses detection. They have a timer, which starts immediately after they are installed on a user’s device. The adware then remains inactive for 30 minutes. This helps to hide the adware from mobile antivirus programs. If apps start to show unusual activities soon after downloading, they are often quarantined by antivirus apps.

“Each time the user unlocks the device, the adware performs several checks. () These checks allow the adware app to determine whether the app has been installed on the device long enough,” writes Ecular Xu, mobile threat response engineer at Trend Micro, in a blog post. “To bypass detection, the app uses Java reflection – which allows the runtime behavior of an application to be inspected or changed – and encodes the API strings in base64.

Removal more difficult, remote control possible

The adware is not only slickly put together, it is also difficult to remove. During installation, these types of apps replace their icon on the Android Home screen with a shortcut. Unlike when deleting other apps, dragging the shortcut to the trash doesn’t work.

The apps also give their creators the opportunity to manage their advertisements remotely. Cybercriminals, for example, can display ads more often than in a standard Android app. They can also ensure that a certain vein does not pass several times in a row.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.