XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Infected Applications Removed from Google Play Store

Infected Applications Removed from Google Play Store

We all download apps. There are literally millions of apps to choose from and sometimes nefarious developers can get their application published with ulterior motives. A situation has just happened as Google has removed twenty-two apps that were found to contain automated click-fraud scripts from the Google Play Store. We’ll take a short look at what these developers were up to, and how the fraudster would affect you if you were one of the two million users that happened to download these apps.

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controller server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as from coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit, include:

  • Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
  • Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
  • Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
  • Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so worrying whether or not you’ve downloaded one that will put your data at risk shouldn’t be too worrisome as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call XFER today at 734-927-6666 / 800-438-9337.

Network Security Is All About Handling Threats
Protecting Your Business by Understanding IoT Secu...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, March 20 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Workplace Tips Software Business Computing Hosted Solutions Managed Service Provider Hackers Data Small Business Google Mobile Devices Hardware VoIP Productivity Mobile Office Email Malware Gadgets Network Security Quick Tips Efficiency Business Management Network Innovation IT Services IT Support Social Media Business Server Business Continuity Smartphones Miscellaneous Upgrade User Tips Windows Virtualization Communications Communication Disaster Recovery Data Backup Computer Managed IT Services Microsoft Office Smartphone Users Data Recovery Passwords Mobile Device Management Browser Internet of Things Android Holiday Marketing WiFi Save Money Tech Term Outsourced IT Alert Productivity Vendor Management Ransomware Cybercrime Cloud Computing Artificial Intelligence BDR Mobile Computing Operating System Remote Monitoring Windows 10 Router Chrome Avoiding Downtime Cybersecurity Automation Remote Computing Bring Your Own Device Apple BYOD Information Technology Computers Telephone Systems VPN Firewall Spam Big Data Health IT Solutions Current Events Going Green The Internet of Things History Best Practice Managed IT Services Collaboration Hacking Printer Social Engineering Facebook Proactive IT Phone System Employer-Employee Relationship Wireless Technology Windows 10 IT Consultant Trending Application App Bandwidth Money Encryption Lithium-ion Battery Office Mobility Budget Mobile Device IT Support Excel Private Cloud Networking iPhone How To Office 365 Training Applications Mouse Business Intelligence Business Managament Content Filtering Two-factor Authentication Phishing Fax Server Maintenance Recovery Windows 8 Unified Threat Management Sports Save Time Value Data Security Website User Error Redundancy Customer Relationship Management Law Enforcement Hard Drives Gmail Access Control Humor Antivirus Outlook Tutorials Settings Virus Information Analytics File Sharing Google Drive Apps Data Protection Blockchain Managed IT Word PowerPoint Scam Wi-Fi Search Tablet Administrator Identity Theft Twitter Office Tips Meetings Document Management Voice over Internet Protocol Data Management Streaming Media Risk Management Compliance Flexibility IT Management Entertainment Inbound Marketing Servers Social Saving Time Machine Learning Augmented Reality Retail Human Resources Software as a Service Downtime Analysis Administration Memory Paperless Office Social Networking Managed Service Digital Payment Network Congestion Hacker Business Technology Conferencing Computer Repair Vulnerability Tech Support Connectivity Robot Google Docs Safety Virtual Assistant Piracy Work/Life Balance Data Breach USB Windows 7 HaaS End of Support IBM Botnet YouTube Government Online Currency Leadership Point of Sale Healthcare Recycling Workers Education Telephone System Computer Accessories Statistics Credit Cards DDoS Solid State Drive Data loss Black Market Programming Smart Tech Skype CES Cryptocurrency Fraud Spam Blocking Instant Messaging Cleaning Password Running Cable IT Plan Wireless Physical Security Intranet Environment Webinar Wearable Technology Touchscreen Manufacturing Public Cloud Biometrics Content Management SaaS Net Neutrality IT service Unsupported Software Help Desk Infrastructure OneNote Data storage Display Best Available Update Bluetooth Video Surveillance Virtual Private Network Internet Exlporer People Data Storage eWaste Samsung Comparison Keyboard Telephony PDF Audit Staff Database Online Shopping Cache Project Management Business Mangement Password Management File Versioning Macro Devices GDPR Netflix Entrepreneur Shortcuts Root Cause Analysis Smartwatch Data Warehousing Specifications Co-managed IT Reputation Inventory PC Care Remote Monitoring and Maintenance Tablets Start Menu Theft Computer Fan Windows Media Player Virtual Desktop Digital Signature IT Security IoT 3D Supercomputer Hiring/Firing Distribution Regulations Evernote Internet exploMicrosoft Scheduling Wireless Internet Warranty Travel Criminal NarrowBand Print Server NIST eBay Multiple Versions HBO Thought Leadership E-Commerce Cost Management nternet Crowdfunding Electronic Health Records eCommerce Employee Millennials Customers Remote Support Line of Business Alerts Upgrades Analyitcs Mobile Cortana Uninterrupted Power Supply FENG Customer Service Multi-Factor Security Strategy Knowledge Logistics Wireless Charging Advertising Wire Microchip Chromecast Law Firm IT Text Messaging Consultant Restore Data Frequently Asked Questions Distributed Denial of Service Files Company Culture Content Filter Camera Patch Management Gaming Console Vendor Screen Mirroring Digital Signage Workforce Authentication MSP Work Station 360 Emails Professional Services Google Apps Smart Office Electronic Medical Records Cameras Lifestyle Insurance Flash Fiber-Optic Notifications LinkedIn Laptop Safe Mode Business Owner Licensing Backup and Disaster Recovery Tip of the week Amazon Colocation Storage Windows 10s Shadow IT HVAC Security Cameras Charger Cast WIndows 7 Google Search Telecommuting SharePoint Windows 8.1 Update Nanotechnology Remote Worker Virtual Reality Tools Search Engine Hiring/Firing Printer Server Shortcut Practices HIPAA Sync Cables Hybrid Cloud Worker Commute Touchpad Debate Accountants User Cryptomining Windows Server 2008 Amazon Web Services IaaS Computing Infrastructure Addiction Password Manager Legal Enterprise Content Management Employee/Employer Relationship Computer Care Managing Stress Domains ISP Software Tips Remote Work Relocation Wiring Hosted Solution Bloatware Webcam Students Bing Monitor Hosted Computing Proactive Science Unified Communications Smart Technology Loyalty Books Experience Two Factor Authentication Battery Content Video Games Emergency Worker Music Regulation Audiobook Scalability Assessment Rootkit Utility Computing Politics How to Television Printers Transportation Techology Troubleshooting Webinar Biometric Security Thank You Automobile Public Computer Benefits IT solutions Employer Employee Relationship CrashOverride Congratulations

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *