Hundreds of apps were packed with adware that could compromise your phones, researchers found.
Security researchers from Check Point found malicious code in 210 Android apps on the Google Play store that had been downloaded nearly 150 million times. The malware was hidden inside a software development kit (SDK) in these apps, which was used for advertising purposes.
The infected apps were able to display background ads, open the browser to any page, and download more malicious apps from either the Google Play store or a remote server, Check Point’s researchers said. The new browser page could lead to phishing websites — with pages that look real but are designed to trick people into revealing their login credentials.
There was also code in the SDK that allowed the malicious app to delete its own icon, making the app harder for victims to remove.
While these apps were fully capable of all this, the only malicious activity the researchers had seen them performing was showing ads, Jonathan Shimonovich, a group manager at Check Point, said in an email.
Adware is a rising threat for mobile apps as attackers look to take advantage of millions of devices to make money through ad fraud. Advertisers pay a lot of money to get views, and hackers know they could generate fake views through infected devices.
In February, researchers detailed the DrainerBot ad fraud — malware that downloaded gigabytes of video ads that victims never saw.
The Google Play store is a frequent target for ad fraud because it’s more open to developers than Apple’s App Store. Android has improved its efforts to curb bad apps, writing that it’s fixed vulnerabilities for more than 75,000 apps in the last year.
Adware and malicious activity can often be hidden in SDKs, which are third-party tools used across apps. In another research paper Check Point released on Wednesday, the security company said it found that an SDK hidden in 12 apps was stealing contact information from up to 111 million devices in China.
“Before integrating SDKs into their mobile applications, developers need to be aware of potential risks of undocumented and malicious behaviors implemented in third party SDKs,” Check Point said.
On the Google Play store, the adware SDK was hidden in hundreds of apps, the majority of which were simulator games, the researchers found. The app with the most downloads was Snow Heavy Excavator Simulator, with more than 10 million downloads. Other games included Real Tractor Farming Simulator and Car Parking Challenge, both with more than 5 million downloads.
The malware was also found in live wallpaper apps and editing tools like Girlfriend photo editor, which was downloaded more than 1 million times.
Check Point said it notified Google, and the web giant said the apps have been removed but didn’t answer questions on how they had slipped onto the Play Store to begin with.