Google has removed 29 malicious apps from Play Store that contained adware, according to the White Ops Satori Threat Intelligence and Research Team.

“White Ops discovered 29 apps with code facilitating out-of-context (OOC) ads, as well as a pretty clever way to evade detection. The apps we investigated in the course of this research did not function as advertised, and had more than 3.5 million downloads among them,” the Satori team said.

White Ops’ investigation, dubbed CHARTREUSEBLUR, found that the majority of apps included the word “blur” in their package name. Many of these malicious apps were disguised as photo editors, allowing the user to blur sections of the image.

The Android apps ran out-of-context (OOC) ads and contained a code that made it difficult to detect them. The Satori team developed the report by analysing the Square Photo Blur app.

On being installed, the apps removed their launch icons from the user’s phone, making it difficult for an average user to remove them.

The apps “obfuscate the code — almost certainly to evade detection — using a three-stage payload evolution. In both Stages 1 and 2, the code appears innocent, but if there’s going to be ad fraud, the app needs to render the code to do so and the Satori team spotted it during Stage 3,” the report read.

After installation they would, trigger pop-up ads at regular intervals. Ads would also be triggered by various actions that users performed on their phones. A code would trigger these ads to pop up whenever a user unlocked the screen, started charging the phone or switched from cellular data to WiFi and vice versa, the report said.

The entire list of apps is available on the Satori website; users can check the list and remove these apps from their phones. The cybersecurity firm also advises users to check out reviews of apps before installing them.

Related Topics
comment COMMENT NOW