Home > Cyber News > Adware on Play Store Disguises Android Devices as iPhones for More Profit

Adware on Play Store Disguises Android Devices as iPhones for More Profit

22 Android apps were removed from Google Play Store because they were involved in a rather untraditional adware operation. The compromised apps were performing click fraud while disguising the Android devices as iPhones to trick online advertisers. Researchers dubbed the adware Andr/Clickr-ad.

The malicious operation probably started around June this year, security researchers from Sophos Labs said. The reason for the unusual behavior was rather trivial – ad networks appraise traffic from Apple devices higher than traffic from Android devices, and by masking the true nature of the Android devices, fraudsters were after higher click profits.

Related: [wplinkpreview url=”https://sensorstechforum.com/1-7-million-windows-computers-3ve-click-fraud/”]1.7 Million Windows Computers Enslaved by 3ve Click Fraud Operators

The 22 Apps Were Downloaded 2 Million Times

Apparently, Sophos security researchers were the first to locate the apps. Google was accordingly notified about this discovery.

The 22 compromised apps have been downloaded more than 2 million times from Google Play Store. Among them, the most popular app was Sparkle, an Android flashlight application which alone was downloaded more than 1 million times.

It should be noted that 3 of the applications were created in 2016 and 2017. Earlier versions appeared to be clean before the June releases. This may mean that the app developer decided to change the applications’ monetization strategy, the researchers suggest. This particular adware campaign for Android seems to be more aggressive than previously detected adware families.

In technical terms, the adware has been designed to restart itself after 3 minutes in case the user closed its process. The Andr/Clickr-ad adware would also start a hidden browser window, alter the browser’s UserAgent string to an iPhone, access particular pages, and imitate clicks on ads displayed on the page, thus generating click profit. The adware was also capable of downloading and running other files on the infected devices, but researchers say this feature was not used.

In 2017 alone, the Google team [wplinkpreview url=”https://sensorstechforum.com/700000-malicious-apps-google-play-2017/”]took down more than 700,000 apps that violated the Google Play policies, 70% more than the apps taken down in 2016.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree