XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Infected Applications Removed from Google Play Store

Infected Applications Removed from Google Play Store

We all download apps. There are literally millions of apps to choose from and sometimes nefarious developers can get their application published with ulterior motives. A situation has just happened as Google has removed twenty-two apps that were found to contain automated click-fraud scripts from the Google Play Store. We’ll take a short look at what these developers were up to, and how the fraudster would affect you if you were one of the two million users that happened to download these apps.

What Apps?
First, we’ll start with a complete list of the apps that had been infested with this nefarious code:

  • Sparkle FlashLight
  • Snake Attack
  • Math Solver
  • ShapeSorter
  • Tak A Trip
  • Magnifeye
  • Join Up
  • Zombie Killer
  • Space Rocket
  • Neon Pong
  • Just Flashlight
  • Table Soccer
  • Cliff Diver
  • Box Stack
  • Jelly Slice
  • AK Blackjack
  • Color Tiles
  • Animal Match
  • Roulette Mania
  • HexaFall
  • HexaBlocks
  • PairZap

What Did These Apps Do?
SophosLabs found a cache of apps that feature what they call “Andr/Clickr-ad” malware. These applications are engineered with maximum flexibility in mind. They could contact a common attacker-controller server to download what is called an ad-fraud module. It does this every 80 seconds. The malware simply opened a non-visible window and would repeatedly click on ads, making the network look like it was getting more traffic, fraudulently enhancing the developers’ revenue.

No specific ad network was specified by Sophos, but users who had downloaded these applications would see a decrease in the battery life and/or an increase in the amount of data their device would use. One strange part of this is that some of the ad traffic was able to identify itself as from coming from iPhones, despite this appearing on Android-only apps. They came from “Apple models ranging from iPhone 5 to 8 Plus and from 249 different forged models from 33 distinct brands of Android phones.” This ploy was used as a way to increase revenues further as some advertisers will pay a premium to get their ads onto Apple devices. iOS versions of the apps, largely by the same developers, didn’t have the malicious code integrated.

Download Legit Apps
How can you go about making sure that you aren’t part of this problem? Download legitimate applications. Some of the best ways to make sure the apps you are downloading are legit, include:

  • Read a lot of reviews - Much of the information you will need to see the legitimacy of an application can be found in the review of the app in the store. If you make a point to read eight or more reviews, you will quickly get a good idea about how functional the application is.
  • Check app permissions - Applications need permission from a user to use the core functions of the phone. If the application in question tends to need access to functions that it shouldn’t, you should be skeptical about the application.
  • Check the terms and conditions - Most people don’t go through the terms and conditions of anything, let alone an application for their smartphone. Even if you do make a point to read them, the amount of legalese found is akin to a lullaby or a warm glass of milk. The problem for users is that there is a lot of good information about the applications, and specifically how it uses data. If you do set aside some time to read about it, check out some language that is relevant to the way you use the application.
  • Research the developer - Nowadays, software development is filled with people that are looking to make a name for themselves. This type of ambition can lead to bad decision making. If you take some time to do some basic research about the developer of an app you have reason to question, you’ll likely find the truth of whether they can be trusted or not. If they want to be known, they likely promote their work via social media, so, start there.

Android has millions of legitimate applications on the Google Play Store, so worrying whether or not you’ve downloaded one that will put your data at risk shouldn’t be too worrisome as long as you stick to our best practices. To learn more about technology, security, and mobile strategies, call XFER today at 734-927-6666 / 800-Get-XFER.

Network Security Is All About Handling Threats
Protecting Your Business by Understanding IoT Secu...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, January 17 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Software Workplace Tips Business Computing Managed Service Provider Hosted Solutions Data Hackers Small Business Google Hardware Mobile Devices Productivity VoIP Mobile Office Malware Email Gadgets Quick Tips Network Security Efficiency Network Innovation IT Support Business IT Services Social Media Business Management Business Continuity Miscellaneous Smartphones Server Upgrade Communication Virtualization Disaster Recovery User Tips Windows Data Backup Communications Computer Microsoft Office Managed IT Services Users Smartphone Passwords Browser Mobile Device Management Data Recovery Android Holiday WiFi Save Money Marketing Alert Tech Term Ransomware Outsourced IT Internet of Things Cybercrime Mobile Computing BDR Vendor Management Remote Monitoring Cloud Computing Windows 10 Router Chrome Operating System Bring Your Own Device Apple BYOD Computers Artificial Intelligence Information Technology Automation Avoiding Downtime Current Events Spam Best Practice History Big Data Remote Computing IT Solutions Going Green The Internet of Things Firewall Managed IT Services Telephone Systems VPN Cybersecurity Employer-Employee Relationship Phone System Health Wireless Technology IT Consultant Application Trending Collaboration Printer Hacking Facebook Social Engineering Proactive IT Office Lithium-ion Battery Productivity Mobility Budget Excel Windows 10 App Bandwidth Money iPhone Fax Server How To Office 365 Mouse Two-factor Authentication Applications Business Intelligence Maintenance Content Filtering Windows 8 Phishing Mobile Device Recovery IT Support Unified Threat Management Business Managament Networking Redundancy Customer Relationship Management Hard Drives Law Enforcement Training Settings Data Protection Antivirus Blockchain Encryption Word Analytics Data Security Google Drive Apps Managed IT User Error PowerPoint Access Control Website Humor Outlook Value Sports Tutorials Gmail Information Virus Private Cloud Software as a Service Analysis Streaming Media Risk Management Data Management Entertainment Inbound Marketing Managed Service Retail Social Human Resources Saving Time Connectivity Tech Support Administration Network Congestion Hacker Identity Theft Scam Downtime Social Networking Digital Payment File Sharing Memory Voice over Internet Protocol Computer Repair Save Time Conferencing Vulnerability IT Management Office Tips Servers Wi-Fi Administrator Tablet Search Machine Learning Twitter Compliance Flexibility Document Management Education Content Management Webinar Unsupported Software DDoS Instant Messaging Statistics Infrastructure Data loss Help Desk Environment Solid State Drive Paperless Office Programming Update Black Market Skype Spam Blocking Biometrics IT service Augmented Reality Intranet Wireless Comparison Physical Security Touchscreen Running Cable Telephony Cleaning Password Wearable Technology Google Docs Virtual Assistant Windows 7 Public Cloud SaaS Botnet Display Data storage Video Surveillance Telephone System Best Available OneNote USB Credit Cards Robot Bluetooth Data Storage eWaste People Internet Exlporer Piracy Smart Tech Keyboard Samsung PDF IBM Safety CES Work/Life Balance Data Breach HaaS Fraud End of Support Leadership Online Currency IT Plan Government YouTube Recycling Meetings Computer Accessories Workers Point of Sale eBay Safe Mode Supercomputer Tip of the week Amazon Internet exploMicrosoft Storage Computer Fan Customer Service IT Security HVAC Security Cameras Consultant Telecommuting Alerts Nanotechnology Remote Worker Print Server Tools NarrowBand Search Engine Remote Support Customers Practices nternet Crowdfunding Sync Uninterrupted Power Supply Cables Text Messaging Accountants Business Technology Knowledge Windows Server 2008 Amazon Web Services Advertising Addiction Virtual Private Network FENG Cameras Gaming Console Enterprise Content Management Licensing Company Culture Software Tips Distributed Denial of Service Remote Work Files Work Station Patch Management Wiring Law Firm IT Chromecast Password Manager Students Bing Screen Mirroring WIndows 7 Hosted Computing 360 Proactive Emails Virtual Reality Unified Communications Printer Server Shortcut Staff LinkedIn Notifications Online Shopping Cache Electronic Medical Records Project Management Business Mangement Business Owner Password Management User Net Neutrality Colocation Devices GDPR Windows 10s Worker Commute Laptop Healthcare Charger Shortcuts Cast Macro Managing Stress Domains Windows 8.1 Update Data Warehousing SharePoint Specifications Inventory Remote Monitoring and Maintenance Bloatware Start Menu Shadow IT Theft Digital Signature IoT HIPAA Science Regulations Evernote Hybrid Cloud Wireless Internet Hiring/Firing Warranty Co-managed IT Travel Touchpad Criminal NIST HBO IaaS Computing Infrastructure Thought Leadership E-Commerce Debate Webcam Electronic Health Records Computer Care eCommerce Millennials Relocation Hosted Solution Line of Business Entrepreneur Mobile Cortana Legal Multi-Factor Security Monitor Strategy Tablets Wireless Charging Wire Microchip Cryptocurrency Hiring/Firing Frequently Asked Questions Content Filter Camera Audit Windows Media Player Virtual Desktop Vendor Workforce PC Care Authentication MSP Netflix Cost Management Professional Services Google Apps Lifestyle Reputation 3D Insurance Upgrades Analyitcs Flash Fiber-Optic Scheduling Smart Office Root Cause Analysis Battery Content Two Factor Authentication Printers Emergency Video Games Music Worker Audiobook Thank You Assessment Employee/Employer Relationship Smartwatch Scalability Rootkit Politics Congratulations How to Television Transportation Troubleshooting Webinar Techology Automobile Public Computer Benefits IT solutions Regulation Employer Employee Relationship CrashOverride Smart Technology Loyalty Books Experience Utility Computing

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *