Kaspersky found three popular mobile apps compromised in three months
Time: Jun. 1, 2020
Kaspersky researchers have discovered that the number of applications that can bombard users with unwanted ads is increasing in official markets. In just three months, three new apps with ad modules were found in the Google Play Store, which could affect millions of users.
Adware, a form of unwanted software that delivers advertisements to users, has been one of the most popular non-viral threats for years. The monetization methods used in this software can be a threat to users and always generate more revenue for developers as the audience grows. Developers are adopting new techniques to make such ad display modules harder to detect for both users and cybersecurity technologies. While threats targeting mobile users generally spread through multiple infected websites or unofficial app stores, the revenue from these activities is attractive, leading developers to try to increase the number of potential victims they can reach. As a result, these applications can sometimes enter official app stores, as was the case with the examples found by Kaspersky.
Recent discoveries have shown that the use of this method may have increased. Kaspersky researchers found three applications with advertising modules inserted in official markets. One, a popular interactive quiz with millions of downloads, used a post-install delay before displaying ads, a technique that researchers have seen in other adware applications. This long delay between the app installation and the appearance of the first ad made it much more difficult for the user to find the culprit for all the ads that suddenly appeared on the screen. This technique is often used to defeat automatic protection mechanisms, such as sandboxes in app stores. The developer of the interactive quiz application removed the adware module as soon as it was informed.
The other two analyzed applications account for almost 100 million downloads. While performing their core functions, they also show ads to users as soon as the smartphone is unlocked, whether the app is running or not. At the time of this publication, the developers of these two applications had been contacted and had not responded to requests to remove the adware module.
Adware distribution is not always deliberate, and even legitimate applications can be vulnerable and deliver unwanted ads without the user's knowledge. In most cases, this is due to the use of advertising SDKs (software development kits) and the lack of testing of an integrated ad library. As a result, the advertising modules are included in the final code of the applications.
To protect yourself against adware, Kaspersky recommends: immediately remove an abnormally functioning application that displays unwanted ads; always check an app's permissions before installing it to determine what it can access and what it can do on a device; use a reliable mobile security solution, such as Kaspersky Internet Security for Android, that can detect a wide variety of threats, including adware.