2 popular Android apps found clicking on ads secretly
San Francisco, Aug 30 Security researchers have found two Android apps with over 1.5 million downloads using a new method to secretly click ads on users devices.
Because of their unusual method of hiding advertisements, these two apps went unnoticed on the Google Play Store for nearly a year.
Norton LifeLock, a brand of security company Symantec, informed Google of the observed behaviour and the apps have now been removed from the Play Store.
A developer known as Idea Master published the two apps on Play Store in the past year, Symantec said.
The two apps, a notepad app called “Idea Note: OCR Text Scanner, GTD, Color Notes” and a fitness app named “Beauty Fitness: Daily workout, best HIIT coach”, are packed using legitimate packers, originally developed to protect the intellectual property of Android applications.
Android packers can change the entire structure and flow of an Android Package Kit (APK) file, which complicates things for security researchers who want to decipher the APK’s behaviour.
This also explains the developer’s ability to remain on the Play Store performing malicious acts under the radar for nearly a year before being detected.
Using a method to hide advertisements from the users allows advertisements, and any other potentially malicious content, to be displayed freely.
The app can then initiate an automated ad-clicking process that produces ad revenue.
As threat actors generate ghost clicks and ad revenue, the impacted devices will suffer from drained batteries, slowed performance and a potential increase in mobile data usage due to frequent visits to advertisement websites, Symantec said.