Sunday, May 18, 2025
HomeAdware49 Malicious Android Adware Apps in Google Play Infects 3 Million...

49 Malicious Android Adware Apps in Google Play Infects 3 Million Users with Anti-uninstall Functions

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered nearly 49 malicious Android Adware Apps from Google play store related to games & stylized cameras, and these apps were downloaded by 3 million Android users around the globe.

Adware is a trending threat in 2019, especially targeting Android users, and it is a sweet spot for cybercriminals due to the over popularity of Android.

“GBHackers on Security” reported several adware incidents in the past few months, and it’s rapidly growing to exclusively target the Android users to generate millions of dollars revenue.

- Advertisement - Google News

Android adware apps that discovered in this report have an ability to hiding themselves within mobile devices to display the ads, also deploying anti-uninstall, and evasion functions that’s a kind of sophisticated method compare to the traditional adware infection.

Very recently we have reported 85 fake photography and gaming adware apps that also employed unique techniques to evade detection. 

Android Adware Apps
adware apps

Android Adware Apps Infection and Behavior

Apps that spotted in Google play that pushing adware is disguise their icons and push full-screen ads on the victim’s devices, and ads don’t allow users to exit, instead, victims need to click the HOME button to exit the ads page.

App developers are cleverly written code to hide the app icon malicious app’s icon, and also it used several evasion techniques to make sure it remains undetected.

Android Adware Apps
Fullscreen Ads (Credits: Trend Micro)

Researchers from Trend Micro discovered the following technique used by these adware apps developers and published their apps in the Google Play store.

  • Adware apps code is heavily obfuscated.
  • Strings are not only encoded by base64 but also encrypted with custom algorithms with the package name as the key
  • The adware shortcut is disguised as a popular default browser and uses the same icon, if users click on it then it opens an ad page and creating multiple shortcuts in the home screen.
  • Adware action is differs based on the OS version from lower to higher.
  • The adware is kept alive with the StartForgroundService function (deployed after Android OS 8.0). It registers itself as a foreground service, meaning it can run even if the user is not interacting with it. 

Once anyone of the Android adware apps installed, it creates too many browser shortcuts, when users clicked on a fake chrome icon, a blank web page opens, and the page gets refreshed into a full-screen ad.

“After seeing the full-screen ad, the user may try to click ‘recent Screen’ button to check where it came from or close the ad. But there is no information displayed and no clue about where the ad came from”, Trend Micro said.

Android Adware Apps
 Screenshots showing duplicate shortcuts disguised as Chrome browsers

Code is written for these adware apps to provides a maximum show count and also sets an interval time to decide when the ad needs to appear on the victim’s device.

“All the malicious adware apps were taken down by Google, the total number of downloads was more than 3 million.” Trend Micro said.

You can also read the Top 5 Best Adware Removal Tool to Block Annoying Ads.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

GPUAF: Two Methods to Root Qualcomm-Based Android Phones

Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array...

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...