Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Aggressive adware still being seen in Android apps

BitDefender UK : 27 February, 2015  (Technical Article)
Google play is still hosting apps that are riddled with aggressive adware, warns Bitdefender
Aggressive adware still being seen in Android apps

Bitdefender has discovered 10 Google Play apps that have been packed full of aggressive adware. These either subscribe users to premium-rate numbers using scareware messages or install additional apps that incorporate even more ads.

The apps (including the ‘What is my ip?’ app that is currently still available on Google Play) were designed to use a different name when installed to give users a hard time identifying and uninstalling them.

Catalin Cosoi, Chief Security Strategist at Bitdefender, states, “Once installed, these apps create a desktop shortcut named ‘System Manager’. Even if someone figures out that one of these apps is responsible for all the browser redirects and scareware messages, they’ll have a hard time locating and uninstalling the app as it hides under the misleading new name. Less tech-savvy users will likely be thrown off the scent, with the app remaining installed and running indefinitely.”

One reason the apps may have circumvented Google’s vetting is because the URL used to redirect users doesn’t actually disseminate malicious .apk files. Its purpose is to redirect browsers – Android’s native browser, Chrome, Firefox, Facebook or even TinyBrowser – to a specially created URL that navigates users from one ad-displaying website to another.

Catalin Cosoi adds, “Although they’re not malicious per se, by broadcasting sensitive user information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices.”

For each browser search, clicked URL, or Facebook-opened link, users are redirected to a webpage that displays a variety of geolocation-specific ads intended to either scare viewers into subscribing to premium-rate numbers, for an alleged security subscription, or trick them into installing more adware disguised as system or performance updates.

These ill-intended apps only require two permissions, Network Communication and System Tools, but can still cause a sizeable headache and trick users into downloading device-clogging apps and adware.

At the time of writing, some of the apps are still available on Google Play. Bitdefender detects them as Android.Trojan.HiddenApp.E, and strongly encourages Android users to install a security solution that can detect malware and aggressive adware to prevent them affecting their device.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo