The researchers said the deceptive apps, which included dozens of popular games and TV and remote control simulators, were downloaded at least 9 million times around the world.
“This adware is capable of displaying full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background,” the researchers said in a blog post. “After verifying our report, Google swiftly suspended the fake apps from the Play store.”
Some of the now-suspended adware-fueled apps included: A/C Air Conditioner Remote, Police Chase Extreme City 3D Game, Easy Universal TV Remote, Garage Door Remote Control, and Prado Parking City 3D Game.
The full list of apps can be viewed here.
Having amassed five million downloads, the Easy Universal TV Remote was the most downloaded of the bunch. The app claimed to allow users to use their smartphones to control their TV. However, a large number of reviews stated that ads were “hidden in the background.” Some users said there were “so many ads, [they] can’t even use it.”
“While the fake apps can be removed manually via the phone’s app uninstall feature, it can be difficult to get there when full-screen ads show up every 15 or 30 minutes or each time a user unlocks the device’s screen,” Trend Micro noted.
Thwarting malicious apps
Malware has been a persistent problem on the Google Play store. In January 2018, the tech giant pulled around 60 gaming apps from its Play store because they contained “a new and nasty malicious code.” In late November, Google removed 13 apps disguised as car racing games that were infected with malware.
In the past year, Google has removed more than 700,000 malicious apps from its Play store and has taken steps to prevent bad apps from ending up in the store in the first place.
“Google had to step in and increase their security systems like a bouncer, and created Google Play Protect,” Lukas Stefanko, a malware researcher at ESET, told Wired. “Attackers are constantly trying to penetrate [Google’s] security systems."