Google is having a hard time getting rid of malicious Android apps

Poor Google…

The IT security researchers at SophosLabs have discovered that the Google Play Store currently has as many as 47 apps that contain adware and are being downloaded at an alarmingly fast pace. This is troubling because the adware contained in these apps is persistent and does not seem to go away no matter what you do.

Google’s relentless effort to bring the apps down

Google has been fighting relentlessly to take down these fake apps, which hide malicious adware that constantly displays ads on the Android home screen. Even if the user tries to force close the advertisements, the ads do not go away.

To date, the 47 apps have been downloaded up to 6 million times, according to SophosLabs researchers.


The third-party library

Research shows that the apps hiding this type of adware use a third-party library called MarsDae. The MarsDae library is configured so that even if the user tries to force close the ad, it will not stop popping up on the home screen.

Also, even if you try to wipe out your memory, the ads will keep displaying on the screen.

The MarsDae library supports Android versions from 2.3 to 6 and is compatible with mobile devices including Samsung, Huawei, Mizu, Mi, and Nexus.

Snap Pic Collage Color Splash

The now-deleted Snap Pic Collage Color Splash is one of the apps that was tested by SophosLabs. The app contains the adware and has been downloaded around 50,000 to 100,000 times.

Snap Pic Collage Color Splash’s reviews

How does it work?

According to researchers, the library has a built-in algorithm that deploys a number of processes which keep on repeating themselves. Whenever a process is run, a file gets locked.

Essentially, if there is a Process A, it will create a file a2 and will keep checking if Process B has created another file b2.

If b2 has been created, it implies that file b1 has been locked, and Process A deletes file b2 while Process B simultaneously deletes a2. This iterative process prevents the user from stopping the ads, even after force closing the app.
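For triage on a test device, the two-process, file-locking pattern described above can be looked for in the kernel's lock table. The following is an added example, not code from SophosLabs or from this article: it parses text in the Linux `/proc/locks` format and flags packages in which two or more processes each hold their own exclusive lock. The sample data and package names are constructed, and it assumes you can read `/proc/locks` and map PIDs to packages on the device.

```python
import re
from collections import defaultdict

# Constructed sample in the Linux /proc/locks format:
# id: type mode access pid major:minor:inode start end
SAMPLE_LOCKS = """\
1: FLOCK  ADVISORY  WRITE 4101 fd:02:7001 0 EOF
2: FLOCK  ADVISORY  WRITE 4102 fd:02:7002 0 EOF
3: POSIX  ADVISORY  WRITE 3550 fd:02:8100 0 EOF
4: POSIX  ADVISORY  READ  3900 fd:02:8200 0 1023
4: -> POSIX  ADVISORY  WRITE 3901 fd:02:8200 0 1023
"""

# Constructed pid -> package map; package names are hypothetical.
SAMPLE_PROCS = {
    4101: "com.example.collage",
    4102: "com.example.collage",
    3550: "com.example.notes",
    3900: "com.example.mail",
    3901: "com.example.mail",
}

LOCK_RE = re.compile(
    r"^\d+:\s+(?P<waiting>->\s+)?(?P<kind>\w+)\s+(?P<mode>\w+)\s+"
    r"(?P<access>READ|WRITE)\s+(?P<pid>\d+)\s+(?P<file>[0-9a-f]+:[0-9a-f]+:\d+)\s"
)

def held_write_locks(locks_text):
    """Yield (pid, file_id) for exclusive locks that are held, not waited on."""
    for line in locks_text.splitlines():
        m = LOCK_RE.match(line)
        if m and not m.group("waiting") and m.group("access") == "WRITE":
            yield int(m.group("pid")), m.group("file")

def suspect_packages(locks_text, pid_to_package):
    """Return packages with 2+ processes each holding its own exclusive lock."""
    holders = defaultdict(dict)  # package -> {pid: set of locked files}
    for pid, file_id in held_write_locks(locks_text):
        pkg = pid_to_package.get(pid)
        if pkg:
            holders[pkg].setdefault(pid, set()).add(file_id)
    suspects = {}
    for pkg, by_pid in holders.items():
        distinct_files = set().union(*by_pid.values())
        if len(by_pid) >= 2 and len(distinct_files) >= len(by_pid):
            suspects[pkg] = sorted(by_pid)
    return suspects

if __name__ == "__main__":
    print(suspect_packages(SAMPLE_LOCKS, SAMPLE_PROCS))
```

This is a heuristic only: legitimate multi-process apps also take file locks, so a hit is a reason to inspect the package, not proof of adware.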

Recommendations

It is recommended that people use legitimate anti-virus software to protect themselves from such adware which is growing quite common in the Android space. In fact, just recently, it has been reported by RiskIQ that a number of apps claiming to be anti-malware solutions contain ransomware that activates once the user installs the app.

Also, previously, researchers at Zscaler identified malware distributed as an application package (APK) masquerading as a cleaner app called K’s cleaner. Once it is installed, the user is tricked into installing an update, which leads to another APK being downloaded, which in turn causes ads to keep displaying on the home screen.

It is therefore not surprising to see that such adware campaigns are starting to become more and more common nowadays.

