22 Android apps were removed from Google Play Store because they were involved in a rather untraditional adware operation. The compromised apps were performing click fraud while disguising the Android devices as iPhones to trick online advertisers. Researchers dubbed the adware Andr/Clickr-ad.
The malicious operation probably started around June this year, security researchers from Sophos Labs said. The reason for the unusual behavior was rather trivial – ad networks appraise traffic from Apple devices higher than traffic from Android devices, and by masking the true nature of the Android devices, fraudsters were after higher click profits.
The 22 Apps Were Downloaded 2 Million Times
Apparently, Sophos security researchers were the first to locate the apps. Google was accordingly notified about this discovery.
The 22 compromised apps have been downloaded more than 2 million times from Google Play Store. Among them, the most popular app was Sparkle, an Android flashlight application which alone was downloaded more than 1 million times.
It should be noted that 3 of the applications were created in 2016 and 2017. Earlier versions appeared to be clean before the June releases. This may mean that the app developer decided to change the applications’ monetization strategy, the researchers suggest. This particular adware campaign for Android seems to be more aggressive than previously detected adware families.
In technical terms, the adware has been designed to restart itself after 3 minutes in case the user closed its process. The Andr/Clickr-ad adware would also start a hidden browser window, alter the browser’s UserAgent string to an iPhone, access particular pages, and imitate clicks on ads displayed on the page, thus generating click profit. The adware was also capable of downloading and running other files on the infected devices, but researchers say this feature was not used.
In 2017 alone, the Google teamtook down more than 700,000 apps that violated the Google Play policies, 70% more than the apps taken down in 2016.