Preying on individuals' desire to personalise their mobile phones, scammers rigged at least 15 Android wallpaper apps to collect revenue from phony ad clicks, Trend Micro reported in a blog post.
The Google Play Store removed the mobile phone apps, which were downloaded more than 222,200 times while available over a period of several months. Italy, Taiwan, the United States, Germany and Indonesia appeared to be the most infected, according to Trend Micro.
"History shows [Google Play Store] have been quick to remove malicious apps once they have been alerted by us," said Jon Clay, Trend Micro director of global threat communications. He added the Google store has not been reluctant to remove malware-infected apps "as long as we provide them with enough information and evidence of an app being malicious or potentially unwanted."
The fraudulent scheme featured aesthetically attractive designs that received excellent user reviews, such as a 4.8 for "Wild Cats HD," itself downloaded more than 10,000 times. "We highly suspect that these reviews are fake and meant to project credibility to users," wrote Tony Bao, the author of the post.
Trend Micro discovered that the apps, once downloaded, decoded the command-and-control server address for the configuration. This happened unbeknownst to the user, because the entire process was muted to hide the activity.
Meanwhile, Google Play Services' advertising ID was then replaced with different URL parameters, increasing the cyber-criminals' profit by hacking the system provided by Google for Android developers to monetise their apps.
Tracking the scheme, Trend Micro found the fraudulent app's package name replaced the IP with the infected device's current IP, loading the URL with the browser background set to transparent. After the URL loaded, the apps simulated clicks on the ad page.
Clay said Trend Micro researchers regularly find PUA (potentially unwanted application) or malicious apps within third-party app stores and occasionally on Google Play.
"The size of this ecosystem requires organisations like Trend Micro to discover and analyse apps on a regular basis and submit those we find malicious," Clay said, noting that most vulnerabilities are found by the research community and not the manufacturers themselves.
Trend Micro has not found any apps within the iTunes store that exhibit this type of behavior, he added.
Trend Micro said its discovery underscored the absolute need for users to be "vigilant and be cautious of the apps they download, as cyber-criminals will continue manipulating app features to profit, steal information and attack."
It behooves consumers to protect their mobile devices with a comprehensive security structure and program against mobile malware, the company advised.
This article was originally published on SC Media US.