Crooks are copying legitimate apps and lace them with “out-of-context” adware components. Users are having difficulty realizing which app is serving the intrusive ads. The apps have been removed from the Play Store, but only after 10 million people downloaded them. A team of researchers at ‘Satori Threat Intelligence’ has found 164 copycat Android apps that have a total of 10 million downloads on the Play Store. Google has already removed all of them following the relevant reports, but a large number of people may still be using them on their devices.

All of these apps mimic popular software projects like mobile AV tools or games, but in reality, they are just adware. The scammers who create these apps copy the code of legitimate apps and lace it with adware components.

As the ads are served and displayed out of the context of the application’s functionality, many users don’t realize which the culprit app is. Furthermore, these copycat apps use dynamically changing configurations controlled by a command-and-control JSON hosted on Dropbox, so the actors can change the ad-serving frequency, set tricky time delays, change the Publisher ID, and more.

To further obfuscate these apps’ malevolent operation, their authors have set the interstitial processes to be excluded from the “recent apps” list by default. This makes it harder for the users to figure out where the intrusive apps come from. Considering that the ads are typically served when the laced app isn’t even actively running, users would go through a lot of trial and error in order to figure out what causes the adware trouble on their devices.

Read the full list here. The list also includes several popular AntiVirus products, battery saver apps, file cleaner apps, RAM-freeing apps, and free VPN apps.Want more tips? Follow us to learn more about IT security solutions and monitoring. We can help you design a solution to meet your need. Here at ManagedTEK we strive to provide top security solutions. If you have an immediate IT need, you can always reach us at 707.205.3727. ManagedTEK’s goal is to create a plan specifically focused on each business that we serve. Technology made simple.


This discussion appeared on TechNadu and WhiteOps blog .