
As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware.


"All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up.


While masquerading as innocuous apps, their primary goal is to request permissions to show windows over other apps and run in the background in order to serve intrusive ads.


To make it difficult for the victims to detect and uninstall the apps, the adware trojans hide their icons from the list of installed apps in the home screen or replace the icons with others that are likely to be less noticed (e.g., SIM Toolkit).


Some of these apps also offer the advertised features, as observed in the case of two apps: "Water Reminder- Tracker & Reminder" and "Yoga- For Beginner to Advanced." However, they also covertly load various websites in WebView, and simulate user actions to click on banners and ads.

其中一些应用程序还提供广告功能,正如在两个应用程序中所观察到的那样:“水提醒 - 跟踪器和提醒”和“瑜伽 - 初学者到高级”。然而,他们也秘密地在网络视图中加载各种网站,并模拟用户操作以点击横幅和广告。

Also uncovered are another set of apps distributing the Joker malware in the form of launcher, camera, and emoji stickers apps that, when installed, subscribe users to paid mobile services without their knowledge and consent.



The third category of rogue apps relates to those that pose as image editing software but, in reality, are designed to break into Facebook accounts.

第三类流氓应用程序与那些伪装成图像编辑软件但实际上旨在侵入 Facebook 帐户的应用程序有关。

"Upon launching, they asked potential victims to log in to their accounts and then loaded a genuine Facebook authorization page," Dr.Web researchers said. "Next, they hijacked the authentication data and sent it to malicious actors."

“启动后,他们要求潜在受害者登录他们的帐户,然后加载一个真正的 Facebook 授权页面,”Dr.Web 研究人员说。“接下来,他们劫持了身份验证数据并将其发送给恶意行为者。”

Last but not least, also spotted on the app storefront was a rogue communications app known as "Chat Online," which tricks users into providing their mobile phone numbers under the pretext of signing up for online dating services.

最后但并非最不重要的一点是,在应用程序店面上还发现了一款 名为“Chat Online”的流氓通信应用程序,该应用程序以注册在线约会服务为借口诱骗用户提供他们的手机号码。

In a different version of the same malware, a seemingly real conversation is initiated, only for the app to prompt users to pay for premium access to continue the chat, incurring fraudulent charges.


Although these apps have been purged, it's no surprise that mobile malware has been proven to be resilient, what with the criminal actors constantly finding new ways to bypass protections put in place by Google.


Users are recommended to exercise caution when it comes to downloading apps, Google Play or otherwise, and refrain from granting extensive permissions to apps. Turning on Google Play Protect and scrutinizing app reviews and ratings are other ways to secure devices from malware.

建议用户在下载应用程序、Google Play 或其他方式时谨慎行事,避免向应用程序授予广泛的权限。打开Google Play Protect并检查应用评论和评级是保护设备免受恶意软件侵害的其他方法。





翻译水平有限 :(

有歧义的地方,请以原文为准 :)
