Google removes 29 apps from Play Store

Hemani Sheth Mumbai | Updated on July 29, 2020 Published on July 29, 2020

The apps were found to trigger unwanted ads in user devices

Google has removed 29 malicious apps from Play Store that contained adware, according to the White Ops Satori Threat Intelligence and Research Team.

“White Ops discovered 29 apps with code facilitating out-of-context (OOC) ads, as well as a pretty clever way to evade detection. The apps we investigated in the course of this research did not function as advertised, and had more than 3.5 million downloads among them,” the Satori team said.

White Ops’ investigation, dubbed CHARTREUSEBLUR, found that the majority of apps included the word “blur” in their package name. Many of these malicious apps were disguised as photo editors, allowing the user to blur sections of the image.

The Android apps ran out-of-context (OOC) ads and contained a code that made it difficult to detect them. The Satori team developed the report by analysing the Square Photo Blur app.

On being installed, the apps removed their launch icons from the user’s phone, making it difficult for an average user to remove them.

The apps “obfuscate the code — almost certainly to evade detection — using a three-stage payload evolution. In both Stages 1 and 2, the code appears innocent, but if there’s going to be ad fraud, the app needs to render the code to do so and the Satori team spotted it during Stage 3,” the report read.

After installation they would, trigger pop-up ads at regular intervals. Ads would also be triggered by various actions that users performed on their phones. A code would trigger these ads to pop up whenever a user unlocked the screen, started charging the phone or switched from cellular data to WiFi and vice versa, the report said.

The entire list of apps is available on the Satori website; users can check the list and remove these apps from their phones. The cybersecurity firm also advises users to check out reviews of apps before installing them.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on July 29, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.