Malware researchers have found two Android apps on the Google play store with over 1.5 million downloads, using a hidden click fraud adware that decreases the performance of phones, increases data consumption, and drains the battery faster.
Uninstall These Two Apps From Your Android Right Now!
The two applications by Developer “Idea master” are Idea Note: OCR Text Scanner, GTD, Color Notes, and “Beauty Fitness: daily workout, best HIIT coach.” The malware-loaded applications managed to get more than 1.5 million total downloads over the year and were not detected by the Play store as a virus.
According to Symantec, both of the applications by Idea master were packed using legitimate packers that are developed to protect the intellectual property of Android apps.
The entire structure and flow of an Android package kit (APK) can be changed by Android Packers, and this increases the complexity for security researchers to track the APK’s behavior. This clearly shows how smartly the developer managed to inject adware in its application and remained undetected.
The applications after installation would send notifications using the notification drawer on the android device. When clicked, the toast notifications are used to display a hidden view containing advertisements.
The ads would appear outside the view of your display, which means that ads were running in the background without your knowledge. Idea master coded an automated ad clicking process that would generate ad revenue in the background, and the users certainly have no idea about this.
All thanks to Symantec who tracked down the malicious behavior of the applications and informed Google about the adware applications on Play store. However, Google has removed the apps from the Play store immediately and also deleted the developer’s account.
Hence, Play store’s security has been questioned again as a lot of adware makes their way to the Play store without getting detected. Recently Kaspersky researchers discovered malware in a popular Camscanner app which had been taken down by Google already.