It has become increasingly common for threat actors to use Google Play Store to attempt to get malicious applications listed there in recent years. In terms of trafficked Android app sources in the world, Google Play Store is considered the most popular.

On the Google Play Store, a new collection of 35 Android apps that are malicious in nature and display unwanted ads has been discovered by Bitdefender.

More than 2 million times, these apps have been downloaded to the mobile devices of victims worldwide. An analysis based on the behavior of the app, which was performed in real-time by Bitdefender researchers, revealed the potentially malicious apps. 

In the real-time detection of potential threats, this is certainly one of the most efficient methods available. There are a lot of apps out there that pretend to be specialized applications and use these tactics to entice users to install them. 

However, they often change their names and icons shortly after being installed, making uninstalling and finding them more difficult. This then leads to the malicious apps being used by users to serve intrusive advertisements by exploiting the WebView technology

As a result, their operators are able to generate fraudulent impressions and advertising revenues for profit. As these apps utilize their own framework for loading the ads, there is a possibility that some infected devices could be infected with additional malicious payloads.

Various Methods of Hiding

In addition to the implementation of multiple methods of hiding on Android devices, adware apps may also receive updates in order to make hiding on Android devices an easier process.

As soon as the apps have been installed, the icons are usually changed to a cog, and they are renamed to ‘Settings’. This is done so that they cannot be detected and deleted.

The malware application is launched with a size of 0 when the user clicks on the icon as it hides from view. In order to trick users into believing they have launched the correct app, the malware launches the legitimate Settings menu as a disguise.

The apps may sometimes appear as if they are part of a Motorola, Oppo, or Samsung system application with the look and feel of these brands.

A considerable amount of code obfuscation and encryption is also employed in the malicious apps, which are designed to thwart reverse engineering attempts. This is achieved by encrypting two DEX files that contain the main Java payload.

Alternatively, apps can be excluded from the list of recent apps so as to remain hidden from the user. Consequently, exposing active processes will not reveal them if they are running in the background.


Here below, we have mentioned all the recommendations offered:-

  • Make sure you do not install apps that are not really necessary for you.
  • If you are no longer using an app, make sure you delete it.
  • A well-established app that has few or no reviews and a large number of downloads should be avoided.
  • Apps requesting special permissions, such as Drawing over apps or Accessibility, should be avoided.
  • Make sure you do not install any apps that request permissions that are unrelated to the functionality they claim to offer.
  • Install a security solution that is capable of detecting malicious activity in the background.

Sponsored: Rise of Remote Workers: A Checklist for Securing Your Network – Download Free White paper

Guru is an Ex-Security Engineer at Comodo Cybersecurity. Co-Founder - Cyber Security News & GBHackers On Security.


Please enter your comment!
Please enter your name here