Adware on Play Store Disguises Android Devices as iPhones for More Profit
CYBER NEWS

Adware on Play Store Disguises Android Devices as iPhones for More Profit

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

22 Android apps were removed from Google Play Store because they were involved in a rather untraditional adware operation. The compromised apps were performing click fraud while disguising the Android devices as iPhones to trick online advertisers. Researchers dubbed the adware Andr/Clickr-ad.




The malicious operation probably started around June this year, security researchers from Sophos Labs said. The reason for the unusual behavior was rather trivial – ad networks appraise traffic from Apple devices higher than traffic from Android devices, and by masking the true nature of the Android devices, fraudsters were after higher click profits.

Related: 1.7 Million Windows Computers Enslaved by 3ve Click Fraud Operators

The 22 Apps Were Downloaded 2 Million Times

Apparently, Sophos security researchers were the first to locate the apps. Google was accordingly notified about this discovery.

The 22 compromised apps have been downloaded more than 2 million times from Google Play Store. Among them, the most popular app was Sparkle, an Android flashlight application which alone was downloaded more than 1 million times.

It should be noted that 3 of the applications were created in 2016 and 2017. Earlier versions appeared to be clean before the June releases. This may mean that the app developer decided to change the applications’ monetization strategy, the researchers suggest. This particular adware campaign for Android seems to be more aggressive than previously detected adware families.

In technical terms, the adware has been designed to restart itself after 3 minutes in case the user closed its process. The Andr/Clickr-ad adware would also start a hidden browser window, alter the browser’s UserAgent string to an iPhone, access particular pages, and imitate clicks on ads displayed on the page, thus generating click profit. The adware was also capable of downloading and running other files on the infected devices, but researchers say this feature was not used.

In 2017 alone, the Google team

took down more than 700,000 apps that violated the Google Play policies, 70% more than the apps taken down in 2016.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...