Posing as cheats for popular game, these
fake apps pester users by displaying ads every 30-40 minutes.
ESET®,
a global pioneer in IT security for more than two decades, publishes information on
fake apps that were available at the official Google app store. Posing as
popular game cheats, such as Cheats for Pou, Guide for SubWay and Cheats for
SubWay, these fake apps were installed more than 200,000 times in a single month,
according to ESET
security researchers.
The app aggressively display adverts
30-40 minutes, disrupting normal use of users’ Android devices.
The fake apps, detected as Android/AdDisplay.Cheastom by
ESET, deploy numerous techniques to evade detection by Google Bouncer - the
technology Google uses to prevent malicious apps from entering the Google Play
store. In addition, the apps contain
self-preservation code to make their removal more complicated.
“These
aggressive ad-displaying apps attempt to hide their functionality from security
researchers by deploying techniques, which succeeded in being downloaded over
200,000 times in a single month,” said Lukáš Štefanko, Malware
Researcher at ESET. “The anti-Bouncer technique used
by these apps obtains the IP address of a device and accesses its WHOIS record.
If the information returned contains the string ‘Google’, then the app assumes
it is running in Bouncer. Should the app detect an emulator or Google Bouncer
environment, the ads are not displayed. Instead, the app will simply provide
game cheats, as expected.”
ESET notified Google and these unwanted
applications have now been removed from the Google store.
“Although
it’s good that Google removed the apps from the Android Google Play store after
we informed them of the issue, it is clear that more attempts will be made to
bypass Bouncer and spread apps containing undesirable code,” continued Štefanko.
More
information and advice for affected users available from ESET’s in-depth article on WeLiveSecurity.com.