Skip to main content

Symantec Finds New Ad Malware In Play Store

Symantec revealed three malicious Android apps that click on ads without their user's knowledge or consent.

Two of the apps--Fast Charge 2017 and Fast Charger X3 Free--have been downloaded between 10,000 and 50,000 times in North America. (Google's Play Store publicly releases only broad ranges.) The third, Clear Master Boost And Clean, has been downloaded between 5,000 and 10,000 times. All three use a variety of methods to prevent users from learning their real purpose or stopping them from earning their creators some more money.

Symantec said the apps "use delayed attacks, self-naming tricks, and an attack list dictated by a command and control server" to evade detection and find targets. These features "are relatively common on their own, but have not been seen together," the company said. Given their popularity, the difficulty with which they are stopped, and their ability to receive new targets from central servers, the apps could earn their operators a pretty penny.

"Even on the Android platform, an app can appear to be many things to many different interfaces," Symantec said. "These specific apps use one name on the home screen while hiding under a different process name. In one example we encountered, the app title was ‘Fast Charger’ on the home screen, while the process name according to the ‘Settings > Apps’ dialog appears as ‘android’. Once the app hides by deleting itself from the launcher, all that’s left is a process called ‘android’; an unlikely candidate for a user to force quit."

Ad-focused schemes can be quite lucrative. White Ops revealed in December 2016 a system called Methbot that watches up to 300 million video ads each day to earn between $3 million and $5 million daily. These apps probably don't have anywhere near as much reach, but they're still an easy way for someone to make a buck. And, unlike other Android malware, these apps didn't pose as a popular game or use a third-party marketplace to do it.

Symantec, as always, recommended some best practices for avoiding malware:

Keep your software up to dateDo not download apps from unfamiliar sitesOnly install apps from trusted sourcesPay close attention to the permissions requested by appsInstall a suitable mobile security app, such as Norton, to protect your device and dataMake frequent backups of important data

Some of those, like paying attention to app permissions or frequently backing up mobile data, would be useful here. But it seems like things will only get harder for people who worry more about avoiding malicious apps in general than about responding to specific threats discovered by security companies.

  • cletus_slackjawd
    Problem with most phone apps is they want permission to things they should never ask for, my phone lists, microphone, camera? and all for a single player game?
    Reply
  • wifiburger
    yeah well user's aren't very smart downloading 'fast charge' like seriously
    Reply
  • joytech22
    Before you install an app, you're TOLD what permissions the app is asking for. If you accept it and install it that's your fault.
    Reply
  • wildkitten
    19258644 said:
    Before you install an app, you're TOLD what permissions the app is asking for. If you accept it and install it that's your fault.

    But you're never explained to WHY those permissions are needed. Occasionally the Android blogs will have articles explaining why sometimes apps will ask for permissions that an app seemingly doesn't need yet really does.

    Google needs to have devs write a simple permission explanation as to why an app needs permission to something, not just that it wants it.

    Reply