Bitdefender recently discovered 10 apps on Google Play that were packed with aggressive adware. The adware does two main things: it subscribes users to premium-rate numbers by using scareware messages, or it installs additional apps that can incorporate more ads. The apps are designed to use a different name once installed, which makes them very hard to identify.
Info by Bitdefender
Catalin Cosoi, Chief Security Strategist at Bitdefender, confirmed that these apps create a shortcut named System Manager. Even if users realize that one of the apps is the reason behind the scareware messages and the browser redirects, it will be very difficult for them to locate and uninstall the apps causing the trouble, because they hide under a false name. Less technically experienced users will not be able to deal with these apps, which will remain installed and keep running on the device indefinitely.
The apps may have stayed hidden from Google's vetting for many reasons, one being that the URL used to redirect users did not itself distribute malicious .apk files. The purpose of the URL is to redirect browsers, including Android's native browser, Chrome, Firefox, Facebook and TinyBrowser, to a specially created URL that takes users from one ad-displaying website to another.
These redirections are not malicious in nature, yet they are set to broadcast sensitive information about the users to third parties, much like the aggressive adware found on desktop PCs. The resulting browser redirects, pop-ups and ads irk users and in fact damage the overall performance of Android devices and the user experience.
In other words, every time users open a link through Facebook, click on a URL or make a browser search, they are redirected to a webpage that presents them with ads selected according to their geolocation. The aim is to trick users into installing adware that is disguised as a performance or system update, or to scare them into subscribing to premium-rate numbers for a better security subscription.
Users should know that these aggressive apps require two permissions: System Tools and Network Communication. Even so, they can easily trick users into downloading apps and adware that can block the device and cause trouble.