10 Apps Packed Full Of ‘Aggressive’ Adware Pulled From Google Play

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.


Bitdefender warns that the mobile adware resembles that found on PCs, delivering a barrage of ads

As many as 10 apps have been removed from the Google Play store after they were found to be packed full of aggressive adware, antivirus solutions provider Bitdefender has revealed.

These either install additional apps that incorporate even more ads or subscribe users to premium-rate numbers using scareware messages.

Hard to uninstall

The apps (including the ‘What is my ip?’ app that is currently still available on Google Play) were designed to use a different name when installed to give users a hard time identifying and uninstalling them.

Catalin Cosoi, chief security strategist at Bitdefender, said: “Once installed, these apps create a desktop shortcut named ‘System Manager’. Even if someone figures out that one of these apps is responsible for all the browser redirects and scareware messages, they’ll have a hard time locating and uninstalling the app as it hides under the misleading new name. Less tech-savvy users will likely be thrown off the scent, with the app remaining installed and running indefinitely.”

It is possible the apps circumvented Google’s vetting because the URL used to redirect users does not actually disseminate malicious .apk files. Its purpose is to redirect browsers, whether Android’s native browser, Chrome, Firefox, Facebook or even TinyBrowser, to a specially created URL that navigates users from one ad-displaying website to another.

Cosoi explained: “Although they’re not malicious per se, by broadcasting sensitive user information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices.”

For each browser search, clicked URL, or Facebook-opened link, users are redirected to a webpage (http://www.mobilsitelerim.com/anasayfa) that displays a variety of geolocation-specific ads intended to either scare viewers into subscribing to premium-rate numbers, for an alleged security subscription, or trick them into installing more adware disguised as system or performance updates.

These ill-intended apps only require two permissions, Network Communication and System Tools, but can still cause a sizeable headache and trick users into downloading device-clogging apps and adware.

Bitdefender detects the apps as Android.Trojan.HiddenApp.E, and strongly encourages Android users to install a security solution that can detect malware and aggressive adware to prevent them affecting their device.

Although the apps have not been named, their application labels and MD5 hashes are detailed below:

