Female Rep 3

 

 "Quality is Job One"

Have IT Questions?
Call us now (888) 894-6411

TWINTEL Solutions Blog

Infected Applications Removed from Google Play Store

Infected Applications Removed from Google Play Store

We all download apps. There are literally millions of apps to choose from and sometimes nefarious developers can get their application published with ulterior motives. A situation has just happened as Google has removed twenty-two apps that were found to contain automated click-fraud scripts from the Google Play Store. We’ll take a short look at what these developers were up to, and how the fraudster would affect you if you were one of the two million users that happened to download these apps.

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controller server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as from coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit, include:

  • Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
  • Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
  • Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
  • Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so worrying whether or not you’ve downloaded one that will put your data at risk shouldn’t be too worrisome as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call TWINTEL Solutions today at (888) 894-6411.

An IT Christmas Carol
Tip of the Week: Locating a Misplaced Smartphone
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, March 25 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code

Our 10 Benefits

Our 10 Benefits Whitepaper

This whitepaper will evaluate the differences between traditional technical support practices and modern managed IT practices and the pros and cons of both in regards to small and medium-sized businesses.

Download Now!   Need A Consultation?

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Privacy Business Computing Hackers Network Security Hosted Solutions Backup Malware Mobile Devices Google Data VoIP Email Microsoft Business Disaster Recovery Software Business Continuity bgc roundup communications Innovation Internet nonprofit Outsourced IT IT Services Managed IT Services Alert User Tips Smartphones Productivity Hardware Data Backup Tech Term Managed IT Services Server Windows 10 Efficiency Browser Computer Ransomware Workplace Tips Cloud Computing Smartphone Saving Money Data Recovery IT Support Cybercrime Android Internet of Things IT Support Communication Windows BDR Computers Small Business Business Management Network Passwords Office Miscellaneous Save Money Productivity Quick Tips Artificial Intelligence Cybersecurity Mobility Chrome Recovery Holiday Gadgets Windows 10 Applications Mobile Device Management Router Managed IT Money Telephone Systems Mobile Device BYOD Social Engineering Health Work/Life Balance Wi-Fi Phishing Proactive IT Social Media Office 365 Virtualization Private Cloud Collaboration Upgrade Law Enforcement Hacking Facebook Vulnerability Automation Firewall App Compliance VPN Information Password Microsoft Office Bandwidth Remote Monitoring Bring Your Own Device Two-factor Authentication Google Drive Word Data Protection Office Tips Flexibility Budget Managed Service Provider Avoiding Downtime How To Voice over Internet Protocol Software as a Service Keyboard Data Security Redundancy Servers Identity Theft Connectivity Remote Computing Data Breach Business Intelligence Encryption Managed Service Information Technology Sports HaaS Save Time History Spam Mobile Computing Scam Black Market Settings Value Operating System Safety Apps IT Management Data Management Worker End of Support USB Employer-Employee Relationship Data storage Machine Learning Comparison Entertainment Unified Threat Management Spam Blocking Battery Content Filtering IT Plan Update Business Owner The Internet of Things CES Cryptocurrency Hiring/Firing SaaS Emergency Cleaning Government Training Workers PDF Big Data Solid State Drive WiFi Document Management Content Management Computing Infrastructure Credit Cards Access Control Computer Care Marketing Patch Management Legal Google Docs Blockchain Virtual Assistant Hacker Windows 7 Fraud HIPAA OneNote Risk Management Samsung Unsupported Software Charger Physical Security Telephony Data Storage Website Automobile Wireless Technology Human Resources Telephone System YouTube Electronic Medical Records Infrastructure Paperless Office Augmented Reality Public Computer Social Staff Regulation Amazon Web Services How to Addiction Meetings Worker Commute Criminal NIST User Error Cryptomining Excel Remote Work Smart Tech Printers Loyalty Computer Fan Microchip Password Manager Benefits Knowledge Downtime Employee Video Games Hosted Computing Remote Worker Wireless Start Menu Unified Communications Vendor Multi-Factor Security Digital Signature Rootkit Reputation Advertising Online Shopping Troubleshooting Cache Search Engine Data loss Monitor Colocation Database Tip of the week Scalability Experience Warranty FENG Hard Drives Education Business Mangement HVAC Smart Technology Network Congestion Robot Digital Signage HBO Specifications Inventory Wiring Windows 10s Tools Theft Wireless Internet Display Trending Chromecast Customers Flash Evernote Laptop Bing Screen Mirroring Techology Safe Mode Employer Employee Relationship webinar Windows Server 2008 Devices Printer Relocation Gmail Networking Two Factor Authentication Files Google Search Outlook Millennials Public Cloud Cortana Wire IBM Security Cameras Data Warehousing Lifestyle Accountants MSP Vendor Management Sync Wireless Charging Shadow IT Books Touchpad Humor Help Desk Cast NarrowBand Computer Accessories Conferencing Instant Messaging Thought Leadership Mouse Assessment Mobile Users Recycling Enterprise Content Management IT Consultant Net Neutrality Workforce Authentication Google Apps Smart Office Supercomputer Apple Botnet Best Practice Content File Sharing Fiber-Optic Hosted Solution Shortcuts Bluetooth Netflix Internet Exlporer Regulations Amazon Search Going Green Twitter Administrator Television CrashOverride Professional Services Virtual Reality eWaste Password Management Leadership ISP Frequently Asked Questions Telecommuting Politics Nanotechnology Camera Audit Transportation Current Events iPhone Smartwatch Software Tips Audiobook Practices Skype Cables Thank You Congratulations Business Technology nonprofits GDPR Analytics E-Commerce Biometric Security