A newly discovered mobile adware program called LightsOut was recently observed in 22 fake Android flashlight and utility applications, reportedly prompting their removal from the Google Play Store.
Before their removal, the apps had collectively been downloaded between 1.5 million and 7.5 million times, researchers with Check Point Software Technologies reported in a 5 January blog post.
According to Check Point, the malware bombards users with ads that are triggered by the simplest acts, including ending a call, plugging in a charger, establishing a Wi-Fi connection, or locking a screen. As a result, users have been forced to interact with malicious ads to perform even basic functions like answering calls. One victim reported that the malicious ads continued to appear even after he purchased an ad-free version of the app.
While the app supposedly gives users the option of disabling certain functions, including ad displays, in reality LightsOut “can override the user's decision and continue to display ads out of context,” the blog post states. “Since the ads are not directly connected to LightsOut's activity, the user is unlikely to understand what caused them, and even if he does he won't be able to find the app's icon and remove it from his device,” because the app intentionally hides its icon.