Google removes 85 adware apps that were installed by millions of users

Adware-infected apps masqueraded as games and TV remote controllers.

Google has removed 85 Android apps from the official Play Store that security researchers from Trend Micro deemed to contain a common strain of adware.

The 85 apps had been downloaded over nine million times, and one app, in particular, named "Easy Universal TV Remote," was downloaded over five million times, according to researchers.

While the apps were uploaded on the Play Store from different developer accounts and were signed by different digital certificates, they exhibited similar behaviors and shared the same code, researchers said in a report published today.

But besides similarities in their source code, the apps were also visually identical, and were all of the same types, being either games or apps that let users stream videos or control their TVs remotely.

android-adware-apps.png

Sample of Android apps infected with adware, detected by Trend Micro

Image: Trend Micro; Composition: ZDNet

The apps were blatant adware, and you didn't need to be a security researcher to realize they were malicious.

The first time users ran any of the apps, they would proceed to show fullscreen ads in different steps, asking and reasking users to press various buttons to continue.

If the user was persistent and stayed with the app until it reached a menu page, every menu button push would trigger yet another fullscreen ad, over and over again until the app would suddenly crash, hiding its original app icon.

But despite the crash, unbeknownst to the user, the app would continue to run in the phone's background, showing new fullscreen ads ever 15 or 30 minutes, generating profits for the fraudsters until users either removed the apps or reset devices to factory settings as a last resort.

Trend Micro says it reported all apps to Google and the OS maker reacted quickly and removed the offending apps immediately after confirming their report.

A list of the 85 adware apps is available in this PDF file. While the Google Play Protect service disabled the apps on users' smartphones, users who access their Google Play app will also be able to see an alert if they previously installed one of the apps, along with a prompt to uninstall any apps from their devices for good.

Google has been seeing a flood of apps infected with all different strains of adware in the past few months. Besides adware, Google also removed another app from the Play Store last week that contained a version of the MobSTSPY spyware. That app was downloaded by over 100,000 users.

More security news: