Adware-Laden Google Play Apps Downloaded Eight Million Times (Aug 20, 2019)
Google has removed 85 apps that were distributing adware on the Google Play Store. The apps, which had over either million downloads contained adware that evades detection using Java reflection, enabling the runtime behaviours to be modified and encoding the API strings in base64. The applications had regular functionalities of the applications portrayed, but with advertisements being forced upon the user before the app could be closed. Apps that were infected with the adware include: Beautiful House, Blur Photo Editor, Magic Camera, One Stroke Line Puzzle, and Toy Smash.
Recommendation: Google has since removed the malicious applications from Google Play. Users should be cautious when downloading applications because as this story portrays, malicious applications sometimes make it into office stores. Therefore, users should carefully review the permissions an application will request prior to installation.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.