2 min Security

Security researchers find 50 rogue apps in Google Play Store

Security researchers find 50 rogue apps in Google Play Store

Avast security researchers have found fifty rogue apps that passed Google’s security checks and ended up in the Google Play Store. The apps have been installed millions of times on Android devices.

The apps are related to lifestyle services, writes ZDNet. They pretend to be legitimate software, but are actually adware. The rogue apps have been downloaded a total of 30 million times. The apps are linked through third-party libraries, which “circumvent background service restrictions in newer Android versions”.

“Although the circumvention itself is not explicitly prohibited in the Play Store, Avast detects it as problematic because the apps that use these libraries waste the user’s battery and make the device slower,” said the researchers. “The applications use the libraries to constantly display more and more advertisements to the users, which is contrary to the Play Store rules.

Each app shows full size ads to users. In some cases, they try to get users to install additional applications with adware. The fifty malicious apps found include Pro Piczoo, Photo Bur Studio, Mov-tracker, Magic Cut Out and Pro Photo Eraser.

Two versions

Avast found two versions of the app malware on the platform. That malware is called TsSdk. The older version of the two has been installed 3.6 million times and was hidden in apps that offer simple games, photo customization and fitness systems.

If the apps were installed, they seemed legitimate. However, they would also deliver a number of shortcuts to unwanted pages or services on the Android device’s home screen. A number of apps were also able to add a shortcut to a “Game Center”, which opens a page with advertisements for other gaming software.

Newer versions of TsSdk were found in music and fitness apps, and were installed nearly 28 million times. The code is updated and encrypted. The malware only gets started when a victim first clicks on a Facebook ad. A feature in the Facebook SDK called “deferred deep linking” allows these apps to detect such activity. After clicking on an advertisement, the first few hours only extra advertisements will be shown. After that, it becomes less frequent and more arbitrary.

Avast has asked Google to remove the apps from the Google Play Store.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.