Sneaky Android adware hides its own icon to avoid removal – find out how to get rid of it!



Security researchers at SophosLabs have discovered 15 apps in the Play Store that contain a manipulative strain of adware. The adware hides its own icon in the launcher to make uninstalling it unusually difficult, and it disguises itself as a harmless system app. More such apps may be present on the Play Store besides these 15. Some similar apps went a step further: they turned up on the phone’s App Settings page hidden beneath names and icons that make them appear to be legitimate system apps.

Some people download an app without giving much thought to whether they need it, a habit that may have led you to install these malicious apps inadvertently. They pose as QR code reading, free calls and messaging, phone finder, backup utility and image editor apps, but they have adware embedded in them and serve no purpose other than to generate revenue for the developers by displaying intrusive advertisements. For example, Flash on Calls & Messages (aka Free Calls & Messages) shows a fake error message when the user launches it, claiming that it is incompatible with the device. The user is then directed to the Google Play Store entry for Google Maps, to mislead them into believing that the Maps app is the reason for the crash, which is not true.

On Google Play Store, most of these camouflaged apps receive negative ratings and reviews that highlight the disappointments and issues users faced with the app. These malicious apps were installed on more than 13 lakh phones, according to SophosLabs.

Andrew Brandt, principal researcher at SophosLabs, said: "To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text."

"App developers have, for years, embedded ad-code into their apps as a way to help defray the costs of development, but some developers simply use their apps as a borderline-abusive platform solely to launch ads on mobile devices," he added.

How to get rid of adware apps? 

Andrew Brandt advises: "If you suspect that an app you recently installed is hiding its icon in the app tray, tap Settings (the gear menu) and then Apps & Notifications. The most recently opened apps appear in a list at the top of this page."

"If any of those apps use the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names (‘Back Up,’ ‘Update,’ ‘Time Zone Service’) tap the generic icon and then tap ‘Force Stop’ followed by ‘Uninstall.’ A real system app will have a button named ‘Disable’ instead of ‘Uninstall’ and you don’t need to bother disabling it."

"If several reviews mention specific undesirable behavior, it's likely best to avoid that particular app," he says.

Google Takes Down Around 46 Apps by Chinese Developers from its Play Store


Last week, around 46 apps by a Chinese developer, iHandy, were taken down by Google from its Play Store. Initially, Google declined to give reasons for the sudden removal of the security, horoscope, selfie, health and antivirus apps, which had been downloaded millions of times.

However, a total of eight apps were still present on Google’s Play Store, until three more were taken down, as per a Buzzfeed report. The Chinese company, established in the year 2008, claims to have almost 180 million monthly active users in more than 200 countries across the globe. Currently going through investigations, iHandy is one of the world’s largest mobile application developers.

In a conversation with Buzzfeed, iHandy VP Simon Zhu, while expressing how they found Google’s takedown quite unexpected, said “It is an unexpected action from our point of view. We are trying to find out the reasons. Hope the apps will be back to Play Store as soon as possible.”

Notably, Google has taken down apps made by Chinese developers in the past as well for various reasons; in this case, the removal was triggered by deceptive and disruptive ads. In August this year, after Trend Micro discovered malware inside certain apps, Google removed a total of 85 apps from its Play Store. Most of these apps were related to gaming or photography and had more than 8 million downloads. The most popular names among the infected apps included ‘Super Selfie’, ‘Cos Camera’, ‘One Stroke Line Puzzle’ and ‘Pop Camera’.

To exemplify, a very popular app known as ‘Sweet Camera- Selfie Beauty Camera, Filters’ which had over 50 million downloads was also removed in the process and it is not to be found on the Indian Play Store either.

Researchers discovered that all of these infected apps were put on the Play Store via distinct developer accounts and were signed with different digital certificates, but they exhibited the same behaviors and shared similar code.

A Google spokesperson said, "Our Google Play developer policies are designed to help create the best experience for users, and we explicitly prohibit deceptive or disruptive ads. When violations are found, we take action."

Google removes 16 apps infected by 'Agent Smith' malware

Every now and then, Android is hit by malware attacks that put users and their data at risk. This time, it's a new malware called Agent Smith and, like its name, this malware is sneaky in what it's designed to do: bombard your phone with ads. Agent Smith can also attach itself to other apps installed on the phone so that the infection persists. The malware was first detected by Check Point and, after it worked with Google, the infected apps were removed from Google Play Store.

After being informed of the infection, Google identified and removed 16 apps from the Play Store that are known to be infected by Agent Smith. These apps are no longer available for download from the Play Store and will receive no further updates through it. However, Google can only remove an app from the Play Store; it can't wipe it from an individual's Android phone. Hence, if you have any of the following apps installed on your Android phone, you should uninstall them immediately.

Ludo Master - New Ludo Game 2019 For Free

Sky Warriors: General Attack

Color Phone Flash - Call Screen Theme

Bio Blast - Infinity Battle Shoot virus

Shooting Jet

Photo Projector

Gun Hero - Gunman Game for Free

Cooking Witch

Blockman Go: Free Realms & Mini Games

Crazy Juicer - Hot Knife Hit Game & Juice Blast

Clash of Virus

Angry Virus

Rabbit Temple

Star Range

Kiss Game: Touch Her Heart

Girl Cloth Xray Scan Simulator

However, Agent Smith can cling on to other popular apps, making it difficult for users to identify which app has been affected. In India, the two most popular such apps include WhatsApp, through which it has infected 1.5 crore Android phones, and Flipkart.

Over 2,000 malicious apps exist on Play Store

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year study by the University of Sydney and CSIRO’s Data61 has concluded that there are at least 2,040 counterfeit apps on Google Play Store. Over 2,000 of those apps impersonated popular games and had malware. The paper documenting the results, "A Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps", was presented at the World Wide Web Conference in California in May.

The study shows that a massive number of impersonations of popular gaming apps are available on the Play Store. They include fake versions of popular games such as Temple Run, Free Flow and Hill Climb Racing. The study investigated around 1.2 million Android apps on Google Play Store and identified a set of potential counterfeits for the top 10,000 apps.

Counterfeit apps impersonate popular apps and try to mislead users. “Many counterfeit apps can be identified once installed. However, even a tech-savvy user may struggle to detect them before installation,” the study says.

It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences like financial losses or identity theft,” reads a blog post by the university.

The study also found that 1,565 apps asked for at least five dangerous permissions and 1,407 had at least five embedded third-party ad libraries.

To investigate these applications on Google Play store the researchers used neural networks.

Google has acknowledged the problem of “malicious apps and developers” in a blog post by Google Play product manager Andrew Ahn on February 13, 2019.

According to Google, the company now removes malicious developers from Play store much faster when compared to previous years. The company says that in 2018 it stopped more malicious apps from entering the store than ever before.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play.”

Indian Internet Companies Suffering Fake App Installations




Many companies nowadays spend large sums on making their applications stand out from the rest. Getting somebody to install a mobile application once can be a challenge; toss in a little something beneficial, however, and they might be willing to download the application multiple times.

Deepak Abbot, senior VP at Paytm, India's biggest mobile payments company, says that this is a problem they encounter on a daily basis, and that it is more rampant on third-party platforms and ad networks outside Facebook and Google.

According to him, a few systems lure users to install an application by offering something as irrelevant as cash backs or other benefits, for example, recharge packs.

What's more, to avail such incentives, a few users install and uninstall such applications numerous times, using different internet addresses or device IDs.

According to the company's official report, around 20% of Paytm app downloads are fake. That refers to users installing and deleting the application without spending any time in it or making any transaction, which brings nil returns on the cost incurred in motivating users to install the application.

Indian internet companies are now grappling with a sharp increase in such cases of mobile fraud, even as rising traffic to their mobile platforms and driving application installations have become critical for growth in a hyper-competitive environment.

According to a report last year by the US advertising and marketing company TUNE, fraud related to mobile app installations in India is 1.7 times higher than the worldwide average, with 16.2% of the application installations in the country being fake.

“India is the No. 1 country in terms of organic and inorganic app installs but we have seen an 85% increase in fraudulent installs of apps in the last one year,” said Sanjay Trisal, country manager, India, at AppsFlyer, the Tel Aviv-headquartered mobile marketing analytics and attribution firm that works with more than 450 companies here including Shopclues, Paytm and Goibibo. “While the incentive for fraud in terms of parameters such as money made per click is much higher in other markets, India is an attractive country for fraudsters due to the sheer volume of installs.”

The most prevalent mobile frauds in India include:

·       ‘Click fraud,’ which pertains to an ad network generating fake clicks;
·       ‘Attribution fraud,’ or claiming credit for an app installation even if a user has downloaded the app through organic channels;
·       ‘Device fraud,’ wherein multiple installations are claimed from the same device by changing the device’s unique IMEI number using software;
·       ‘IP fraud,’ which involves multiple clicks from a blacklisted IP address;
·       ‘Incentive fraud,’ wherein users are incentivised to install an app, which doesn’t result in lasting engagement.
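
A sketch of how an advertiser might screen install records for three of the fraud types listed above (device, IP and incentive fraud), added here as an illustration and not taken from any company named in the article. The record fields, the hardware fingerprint, the 24-hour churn window and the sample data are all assumptions constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample install records; every field name here is an assumption.
# "fingerprint" stands for a hardware/OS fingerprint that survives an IMEI change.
INSTALLS = [
    {"id": 1, "network": "net-a", "imei": "I-001", "fingerprint": "fp-1",
     "ip": "198.51.100.7", "sessions": 4, "uninstalled_after_h": None},
    {"id": 2, "network": "net-b", "imei": "I-002", "fingerprint": "fp-2",
     "ip": "192.0.2.10", "sessions": 0, "uninstalled_after_h": 2},
    {"id": 3, "network": "net-b", "imei": "I-003", "fingerprint": "fp-2",
     "ip": "192.0.2.11", "sessions": 0, "uninstalled_after_h": 1},
    {"id": 4, "network": "net-c", "imei": "I-004", "fingerprint": "fp-4",
     "ip": "203.0.113.5", "sessions": 2, "uninstalled_after_h": None},
    {"id": 5, "network": "net-a", "imei": "I-005", "fingerprint": "fp-5",
     "ip": "198.51.100.9", "sessions": 3, "uninstalled_after_h": 5},
    {"id": 6, "network": "net-c", "imei": "I-006", "fingerprint": "fp-6",
     "ip": "198.51.100.20", "sessions": 1, "uninstalled_after_h": None},
]
BLOCKED_NETS = [ip_network("203.0.113.0/24")]  # constructed blocklist


def flag_installs(installs, blocked_nets, churn_hours=24):
    """Return {install id: [reasons]} for records matching a fraud pattern."""
    imeis = defaultdict(set)
    for rec in installs:
        imeis[rec["fingerprint"]].add(rec["imei"])
    flags = {}
    for rec in installs:
        reasons = []
        # Device fraud: one physical device reporting several IMEIs.
        if len(imeis[rec["fingerprint"]]) > 1:
            reasons.append("device")
        # IP fraud: traffic from a blocklisted address range.
        addr = ip_address(rec["ip"])
        if any(addr in net for net in blocked_nets):
            reasons.append("ip")
        # Incentive fraud: removed quickly without a single session.
        gone = rec["uninstalled_after_h"]
        if gone is not None and gone <= churn_hours and rec["sessions"] == 0:
            reasons.append("incentive")
        if reasons:
            flags[rec["id"]] = reasons
    return flags


def flagged_share_by_network(installs, flags):
    """Share of each ad network's installs that were flagged (0.0 to 1.0)."""
    total, bad = defaultdict(int), defaultdict(int)
    for rec in installs:
        total[rec["network"]] += 1
        bad[rec["network"]] += rec["id"] in flags
    return {net: bad[net] / total[net] for net in total}


if __name__ == "__main__":
    flags = flag_installs(INSTALLS, BLOCKED_NETS)
    print(flags)
    print(flagged_share_by_network(INSTALLS, flags))
```

Install 5 is uninstalled within the window but is not flagged because the user opened the app three times; the per-network share is what an advertiser would use when deciding which ad networks to keep working with.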

“Everyone is getting smarter, and the worst part is fraud networks wrongly claiming (an app installation to be)… coming from (their) network. That’s the worst part because I am having to pay for a loyal person (user) whom I actually need not be paying for,” said Pawrush Elavia, director, growth and digital, at music streaming company Saavn.

Although paying ad networks helped increase the number of new users for Saavn, a few of these users were neither listening nor spending time on the application, and that was the point Elavia realised they needed to fix.

Companies are now adopting various strategies to counter the menace, but there is as yet no foolproof solution.

Some are investing in building fraud detection technologies, while others are partnering with platforms that specialise in detecting such fraud.

Because of this, Paytm competitor MobiKwik, which had been working with more than 25 ad networks to acquire users, has become very choosy about whom it works with.

 “We have blacklisted a few ad networks, although that is not a permanent solution but we’re also working very closely with attribution companies to detect fraud cases early on, while we want our folks to focus on growth,” said Damandeep Singh Soni, head of marketing and growth at MobiKwik.

With paid marketing channels becoming increasingly unreliable,  internet companies are trimming expenditure on paid channels in a big way too.

Ad networks say they, too, are engaged in battling fraud as they work both with advertisers and publishers. “All major ad networks are working towards a fraud-free system, where they are challenged by increasingly evolving fraudsters on one hand and insufficient transparency from the marketer on the other,” said Dippak Khurana, CEO of ad network Vserv, which is backed by IDG Ventures India and Maverick Capital Ventures.

The company has engaged independent companies that provide mobile fraud-detection tools. “The challenge in our category is that if we use the push approach, it doesn’t work because then the uninstalls become really, really high. We have moved away from that approach,” said Sneha Roy, head of marketing at online furniture retailer UrbanLadder, which mainly works with Facebook and Google to get past users to install its app again. “We let customers browse through our mobile website and develop some engagement that kind of pushes installs.”

Nevertheless, several internet companies are trying their best to move away from rabidly chasing new installations and are instead focusing on improving engagement with users.


Android Malware intercepts bank calls and redirects to scammers

There is a new version of the creative FakeBank Android malware that intercepts victims’ calls to their banks and redirects them to scammers.

The trojan is one of the most creative pieces of Android malware currently in circulation. FakeBank operates by fooling customers with fake login screens inserted on top of legitimate banking apps.

The innovative new version not only lets scammers intercept banking calls made by customers by switching the dialed number with a special one pre-configured in the configuration file, but also enables them to actually make calls to customers using a special number, which will come up on users’ screen as if their bank is calling them.

This lets these scammers fool customers into giving away their banking information whenever they want it.

This new variant is reportedly only active in South Korea at the moment, according to a report by Symantec researchers, who have so far discovered the trojan in 22 apps distributed via social media links and third-party app stores, targeting Korean bank clients.

In the past, the trojan has been able to whitelist its process to remain active while the users’ phone was in sleep mode and has also used TeamViewer to grant attackers full access to the device.

Spotify warns users using hacked apps to access premium for free

Spotify, the online music streaming service that had only just filed for an initial public offering (IPO) for later this month, is now cracking down on users who are using unauthorised or modified versions of the Spotify app to access Premium features for free.

These hacked apps allow freeloaders to skip songs indefinitely and enjoy ad-free streaming — features that are only available for premium users.

The free version of Spotify has certain restrictions such as advertisements, shuffle-only play, skipping restrictions, and such that encourage users to buy premium. These modified versions of Spotify make premium redundant by letting users enjoy unrestricted streaming with the help of installation files that can be downloaded alongside the app.

Spotify is sending an email to users in whose accounts it identifies any “abnormal activity”, warning that future breaches could result in suspension or even termination of their Spotify account.



According to the email, to regain access to their account, a user has to simply uninstall the hacked or modified Spotify app and redownload the official app from Google Play Store.

It has not been revealed how many users reportedly use these versions to enjoy restriction-free streaming for free. According to figures released by the company in December, the service itself is used by more than 159 users around the world — 88 million of which are users of the free tier of Spotify.

Considering the company’s current losses, it is not surprising that they are finally addressing the issue.

Lebanon Spyware Uncovered, Steals Data through Fake Messaging Apps

Researchers from non-profit campaign group Electronic Frontier Foundation (EFF) and mobile security group Lookout have together uncovered malware that targets individuals such as military personnel, journalists, lawyers, and activists, using fake apps that look like popular messaging apps like WhatsApp and Signal.

The malware, dubbed “Dark Caracal” by the researchers, targets known Android weaknesses and iOS has not been affected by it.

According to their report on Dark Caracal, the malware was traced back to a server in a Lebanese government building, one belonging to the Lebanese General Security Directorate in Beirut, Lebanon, and it seems the threat could be coming from a nation-state.

“We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia,” the report read.

“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying because phones are full of so much data about a person’s day-to-day life,” said EFF Director of Cybersecurity Eva Galperin.

Data stolen through the spyware includes documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.

According to EFF, neither WhatsApp nor Signal has been compromised, and Google has confirmed that the infected apps were not downloaded from its Play Store. Instead, the attackers use “spearphishing” to get these fake apps onto targets’ phones: a phishing attack that specifically targets an individual using information the attacker has on the victim.

“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin.

Dark Caracal has reportedly been operating since 2012 but could not be tracked down because of the number of similar attacks happening all over the world that have repeatedly been misattributed to other cybercrime groups.

This research has shed light on how governments and people are able to spy on individuals all over the world.