Bitdefender warns that the mobile adware resembles that found on PCs, delivering a barrage of ads
As many as 10 apps have been removed the Google Play store after they were found to be packed full of aggressive adware, antivirus solutions provider Bitdefender has crevealed.
These either install additional apps that incorporate even more ads or subscribe users to premium-rate numbers using scareware messages.
Hard to uninstall
The apps (including the ‘What is my ip?’ app that is currently still available on Google Play) were designed to use a different name when installed to give users a hard time identifying and uninstalling them.
Catalin Cosoi, chief security strategist at Bitdefender, said: “Once installed, these apps create a desktop shortcut named ‘System Manager’. Even if someone figures out that one of these apps is responsible for all the browser redirects and scareware messages, they’ll have a hard time locating and uninstalling the app as it hides under the misleading new name. Less tech-savvy users will likely be thrown off the scent, with the app remaining installed and running indefinitely.”
It is possible the apps may have circumvented Google’s vetting due to the URL used to redirect users not actually disseminating malicious .apk files. Its purpose is to redirect browsers, Android’s native browser, Chrome, Firefox, Facebook or even TinyBrowser, to a specially created URL that navigates users from one ad-displaying website to another.
Cosoi explained: “Although they’re not malicious per se, by broadcasting sensitive user information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices.”
For each browser search, clicked URL, or Facebook-opened link, users are redirected to a webpage (http://www.mobilsitelerim.com/anasayfa) that displays a variety of geolocation-specific ads intended to either scare viewers into subscribing to premium-rate numbers, for an alleged security subscription, or trick them into installing more adware disguised as system or performance updates.
These ill-intended apps only require two permissions, Network Communication and System Tools, but can still cause a sizeable headache and trick users into downloading device-clogging apps and adware.
Bitdefender detects the apps as Android.Trojan.HiddenApp.E, and strongly encourages Android users to install a security solution that can detect malware and aggressive adware to prevent them affecting their device.
Although the apps have not been named, their application labels and their md5 hashes, are detailed below:
Are you an expert on mobile apps? Take our quiz to find out!