The researchers also found that the apps would check to see if an affected device was connected to Google’s servers in an effort to prevent detection. “The adware functionality is the same in all the apps we analyzed,” said Lukas Stefanko, one of ESET’s security researchers.
In the background, the apps were also sending back data about the user’s device - including if certain apps are installed and if the device allows apps from non-app store sources - which could be used to install more malicious software on a device. The adware-infected apps will also mimic Facebook and Google’s apps to avoid suspicion, likely as a way to detract from the actual ad-serving app and keep the app on the device for as long as possible. Often the apps will delete their shortcut icon, making it more difficult to remove. Once an unsuspecting user installs an adware-infected app, the app will serve full-screen ads on the device’s display at semi-random intervals. Security researchers have found dozens of Android apps in the Google Play store serving ads to unsuspecting victims as part of a money-making scheme.ĮSET researchers found 42 apps containing adware, which they say have been downloaded more than 8 million times since they first debuted in July 2018.
