A security firm has discovered that dozens of fraudulent Android adware apps have been downloaded more than 8 million times from the Google Play store.
Security firm Trend Micro said it found 85 individual apps that were disguised as photo editing apps and games and contained ads that would take over users’ screens as part of a money-making scheme.
All of the fraudulent apps have since been removed from the Google Play store.
The researchers found that after the fake app is launched, it first records two timestamps: the current time (the device’s system time) as “installTime,” and the network time, which is then stored as “networkInstallTime.”
“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro, according to TechCrunch. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”
The fake apps would keep a record when they were installed and sit dormant for around half an hour before hiding the app icon and creating a shortcut on the user’s home screen. That helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the “uninstall” section of the screen. The ads could also be remotely controlled by the fraudster.
“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”
When the app unlocked, it displayed ads on the user’s home screen. Trend Micro provided a list of the apps that had a million downloads each, including Super Selfie Camera, Cos Camera, Pop Camera and One Stroke Line Puzzle.
One warning sign about the apps: They all had horrible user reviews that included complaints about too many pop-up ads.