Cybersecurity researchers from Dr.Web discovered a handful of Android apps that were pushing ads and stealthily subscribing people to premium services.
The apps were pretending to be games, messengers, and wallpaper apps, among others, and were mostly distributing three known malware families - FakeApp, Joker, and HiddenAds.
A million downloads
Upon installing one of these apps, they would immediately change their icon on the device, to something the user would reluctantly remove, such as the Chrome browser. In some cases, the researchers added, the trojans would simply remove their icons altogether, to seem as if there is an empty space in the app drawer.
The apps would then launch in the background, and deliver ads to the victim via their browser. That way, they would generate significant profits for the developers. The ads included things like casino websites, fake investments, and similar - all of which are in violation of Google’s policies.
The biggest trojan that managed to move past Google’s defenses and into the Play Store is Super Skibydi Killer, a game app with a million downloads. Other notable mentions include Agent Shooter (500,000 downloads), Rubber Punch 3D (500,000 downloads), and Rainbow Stretch (50,000 downloads).
There are also apps that subscribe the victim to premium services without their knowledge, including Love Emoji Messenger (Korsinka Vimoipan) with 50,000 downloads, and Beauty Wallpaper HD (fm0989184) with 1,000 downloads.
While Google removed all of the apps from the Play Store before this article was published, that only protects future potential victims. Those that have already downloaded the apps can only be safe if they remove them from their endpoints. If you suspect your device was compromised, besides the abovementioned apps, look for these:
Eternal Maze (Yana Pospyelova)
Jungle Jewels (Vaibhav Wable)
Stellar Secrets (Pepperstocks)
Fire Fruits (Sandr Sevill)
Cowboy's Frontier (Precipice Game Studios)
Enchanted Elixir (Acomadyi)
More from TechRadar Pro
- This dangerous Android malware could steal passwords and other data just by using images
- Here's a list of the best firewalls today
- These are the best ID theft protection services around
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.