Recently Bitdefender claimed that it has identified 10 Google Play apps packed with aggressive adware that aims either to subscribe users to premium-rated numbers via scareware messages or to install additional apps that come with more ads.
These Android apps (including the “What is my ip?” app, available on Google Play even now) were crafted to use a different app name when installed. This makes them hard to identify and, of course, to uninstall.
Once the apps are installed, they automatically create a desktop shortcut called “System Manager.” Even if someone figures out that one of these apps is responsible for most of the browser redirects and scareware messages, they would still have a hard time locating the app in the Application Manager menu and uninstalling it. This is because it hides under a vague new name and not its original name from Google Play. So if less tech-savvy users install “What is my ip?”, the app could be running indefinitely on their device.
Probably, one of the reasons why these Android applications could circumvent Google’s vetting is that the URL they use to redirect users doesn’t actually disseminate any malicious .apk files. Its main purpose is simply to redirect browsers – including Android’s default browser, Chrome, Firefox, Facebook and even TinyBrowser – to a specially created URL that tosses mobile device users around from one ad-displaying site to another.
For every browser search, clicked URL, or Facebook-opened link, mobile phone users are redirected to a certain page (http://www.mobilsitelerim.com/anasayfa – but be careful if you dare to click on it!). This page displays many geolocation-specific advertisements that are intended either to scare users into subscribing to premium-rated numbers – for an alleged security subscription – or to trick them into installing malicious adware that is disguised as operating system updates.
These malicious apps require just two permissions – Network Communication and System Tools. However, they can cause massive headaches and may ultimately trick users into downloading unwanted apps and adware. Apparently, these apps are not as dangerous as spyware, which sells or gives away sensitive user information to third parties. They are more like the aggressive adware found on desktop computers. Their main intention appears to be earning revenue from serving users annoying ads.
Over the last two years, aggressive adware has developed from in-app ads and adware SDKs to web browser redirects. Now it is even capable of running apps at system start-up, just like a legitimate app.
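A triage check for the traits described above (an installed name that differs from the store title, shortcut creation, start at boot), as an added example that is not from Bitdefender or the original article. It parses `aapt dump badging` output; the individual permission names and the sample package names are assumptions, since the article names only the two permission groups.

```python
import re

# Assumed mapping: the article names only the "Network Communication" and
# "System Tools" permission groups, not individual permissions.
RISKY = {
    "com.android.launcher.permission.INSTALL_SHORTCUT": "creates-shortcut",
    "android.permission.RECEIVE_BOOT_COMPLETED": "starts-at-boot",
}

def parse_badging(text):
    """Pull package, installed label and permissions out of `aapt dump badging` output."""
    pkg = re.search(r"^package: name='([^']+)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    # Older aapt prints uses-permission:'X', newer prints uses-permission: name='X'.
    perms = set(re.findall(r"^uses-permission:\s*(?:name=)?'([^']+)'", text, re.M))
    return {"package": pkg.group(1) if pkg else None,
            "label": label.group(1) if label else "",
            "permissions": perms}

def words(name):
    """Lower-cased alphanumeric words of an app name."""
    return set(re.findall(r"[a-z0-9]+", name.lower()))

def triage(store_title, badging_text):
    """Return finding tags for one APK, given the title shown on its store listing."""
    info = parse_badging(badging_text)
    findings = []
    # Heuristic: no word shared between the store title and the installed label.
    if not words(store_title) & words(info["label"]):
        findings.append("label-mismatch")
    findings += sorted(tag for perm, tag in RISKY.items() if perm in info["permissions"])
    return findings

# Constructed sample output (package names are placeholders, not from the article).
SUSPECT = """package: name='com.example.whatismyip' versionCode='3' versionName='1.2'
uses-permission:'android.permission.INTERNET'
uses-permission:'android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission:'com.android.launcher.permission.INSTALL_SHORTCUT'
application-label:'System Manager'
"""
BENIGN = """package: name='com.example.iptools' versionCode='7' versionName='2.0'
uses-permission: name='android.permission.INTERNET'
application-label:'IP Tools'
"""

if __name__ == "__main__":
    print(triage("What is my ip?", SUSPECT))
    print(triage("IP Tools - Network Utilities", BENIGN))
```

The word-overlap test is a heuristic: a label mismatch on its own is only a reason to look closer, and it carries more weight when the shortcut and boot findings appear with it.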
So the next time you download a security app to your Android device, check it thoroughly: is it a real app or just one more trap set by unknown hackers?