Dozens of Android apps infected with adware found on the Google Play Store

The iffy Android apps have been downloaded more than eight million times since July 2018

Researchers at security firm ESET have discovered numerous adware-laced apps in the Google Play Store serving unwanted adverts to users as part of a money-making scheme.

The researchers claim that they found 42 such apps in Google's Play Store, ranging from a free FM radio, to file downloaders, to games. These malicious apps have been downloaded more than eight million times since July 2018, the researchers claimed.

If a user tries to delete the malicious app, it just deletes a shortcut icon

About half of the malicious apps were removed straightaway by Google following ESET's intervention. The remaining apps were removed later by Google's security team, although most of the apps are still available in third-party app stores, according to ESET.

Adware is a type of malware that hides itself on a device in a bid to serve undesired adverts, including scam ads, to users. Apps containing adware are usually a big nuisance for users as they can drain battery resources, steal personal details of users, and also increase network traffic.

According to ESET researchers, this particular campaign has been active since July 2018, and has been traced by ESET to a Vietnamese college student.

The identity of the person was determined using information gathered from various public sources. ESET claimed that a low level of operational security by the developer helped its researchers to track down the actor behind the campaign.

The researchers said they were able to uncover the registration details of the command and control server being used in the campaign.

These details included the name, email, city, phone number and country of the registrant. They also helped researchers to identify an empty GitHub repository and a YouTube channel associated with the malicious developer, pushing adware-laced apps.

ESET researchers named the family of 42 malicious apps as "Android/AdDisplay.Ashas." All these apps look normal initially, but, following installation, they start serving full-screen ads at semi-random interval.

They also mimic Google and Facebook's apps to avoid suspicion. If a user tries to delete the malicious app, it just deletes a shortcut icon, and the app continues to operate in the background, sending the data about device back to the app operator.

To prevent detection, these apps check if they are being tested by Google Play's security mechanisms, and if that is the case, they avoid triggering the adware payload.

The most popular among the 42 malicious apps is the Video Downloader Master, which was downloaded five times by Android users.

Computing asked Lukas Stefanko, ESET malware researcher, whether he believes Google has a responsibility to inform users of Android when an app they have been using is found to be insecure or in some way compromised.

"Google actually informs such affected users," said Stefanko.

"If there is a malicious app that was formerly available on Google Play still present on a user's device, Play Protect will prompt to uninstall such an app from the device with an explanation of its harmful functionality. This happens, of course, only if the user has enabled Play Protect," he added.

According to Stefanko, the malicious developer has also published apps in Apple's App Store, although none of them contain adware functionality.