Several apps in Google’s marketplace have been found to bundle aggressive advertising tactics designed to direct the user to locations with risk potential.
It was discovered that in some cases the advertisements pointed to websites promising subscriptions to premium-rate numbers or displayed scareware-type notifications that led to installation of other apps, with even more ads.
Redirection would occur every time users would perform a browser search (Android browser, Chrome, Firefox, TinyBrowser), click on a link or load a URL from Facebook. They would be taken to a page that served geo-location sensitive advertisements.
Apps install under a different name
The researchers at Bitdefender say that the nefarious activity was encountered in a total of ten apps hosted in Google Play and that one reason they were accepted could be the fact that none of the links they directed to hosted malicious software.
Since there is good money in advertising, using social engineering to trick the user into installing ad-spewing software is enough to generate a hefty revenue stream. This strategy is also less likely to catch attention than when using malware.
The crooks relied on deceptive tactics to ensure the persistence of the risky applications on the victim’s device.
Bitdefender security researcher Liviu Arsene says that the apps would be installed under a different name, “System Manager,” than the one displayed in Google Play.
Small list of permissions, big headache
Tracing the cause of the redirects to an app is a difficult task itself for the average Joe, but should one be successful at it, they would have a tough time finding the culprit on the list of installed software. Another thing to consider is that plenty of users add and remove apps on a frequent basis.
“These ill-intended apps only require two permissions - Network Communication and System Tools - but can still cause massive headaches and potentially trick users into downloading device-clogging apps and adware,” Arsene says.
He adds that on Thursday most of the apps were still available on Google Play, one of the examples being “What is my ip?” app.
However, it seems that Google was quick at taking the necessary measures to protect its users and started to remove them.