What’s a smartphone without some apps to download to it? With millions of apps to choose from, developers might often have less-than-virtuous motives that put their users at risk for their own benefit. Recently, Google has removed 22 apps from the Google Play Store that were found to contain automated click-fraud scripts. We’ll delve into what these developers were up to with these fraudulent applications, as well as how they would affect the two-million users that downloaded them.

What Are the Apps?
Below you’ll find a list of what the affected apps are:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Was Wrong with Them?
SophosLabs detected a cache of apps that are outfitted with a feature they call “Andr/Clickr-ad” malware. These applications are designed to be as flexible as possible with the intention of contacting a common attacker-controller server to download an ad-fraud module. This happens every 80 seconds. The malware opens up a non-visible window that repeatedly clicks on ads. This makes the network look like it’s getting more traffic and generates fraudulent revenue for the developer.

Sophos didn’t identify a specific ad network, but the users who had downloaded these apps experienced a considerable amount of battery drain and an increase in data usage. One interesting note is that some of the ad traffic was identified as coming from iPhones, even though these apps generally only appear on Android devices. The traffic came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This kind of strategy was used to increase profits for advertisers who had to pay a premium for their ads to run on Apple devices. iOS versions of the apps, even those by the same developers, didn’t have malicious code integrated.

Only Download Legitimate Applications
One way to make sure you don’t have troubles with your downloaded apps is to make sure you only download legitimate applications. Here are some ways to determine if the app you want is legitimate:

  • Read a lot of reviews: You can find out a lot about applications just by reading some of the reviews. Try to read eight or more reviews to make sure that the app is as functional as you think it is.
  • Check the app permissions: Some applications need your permission in order to accomplish certain tasks. Always check these permissions before downloading anything. For example, if an application needs access to your text messages or camera, when it clearly shouldn’t be asking for them, you should think twice before downloading.
  • Check the terms and conditions: It might be tempting to skip the terms and conditions, but you don’t want to do this for smartphone apps. Even if you try to read them, the legal language used might be unnerving. Still, the terms and conditions might hold some insights into how the data collected by the application is used.
  • Research the developer: Software development is a competitive field, so people are always looking for ways to differentiate themselves and further their ambitions. Unfortunately, ambition doesn’t always lead to ethical business practices. Do some research into who developed the applications and determine if you can trust who created the tool you’re about to download.

The Google Play Store holds countless applications, so be on the lookout for any apps that threaten your device’s integrity. Just stick to your best practices and it’s unlikely that you’ll encounter and download something dangerous. To learn more about this kind of mobile device security, reach out to Net It On, LLC at (732) 360-2999.

December 28, 2018
Directive