After a number of apps on Play Store were exposed of being loaded with adware last week by Check Point, a similar situation has surfaced once again, according to Avast’s Threat Intelligence Team. This time, the malicious app count has gone up to 50. The concerning thing is that all of these apps’ presence on the Google Play Store clearly says that they were able to get through all security checks imposed by Google. These apps mainly belong to the lifestyle category and have been downloaded over 30 million times, as of this moment.
Avast published a detailed blog post about its research and claimed that these apps are connected to each other via third-party libraries which are capable of bypassing security checks in the latest Android versions. With the help of these libraries, these apps make the device slower and bombard the users with ads, which is against Play Store guidelines. Sometimes, users will also be tricked into downloading more adware-filled apps.
The app malware goes by the name, TsSdk and two versions of it can be spotted on Play Store. The earlier version which has been installed over 3.5 million times, came along with game, fitness and photo related apps. After getting installed, these apps would add shortcuts to various pages and centers on the home screen of Android. Not only this, the apps were also found capable of automatically installing additional malware.
The recent versions of TsSdk can be found in music and fitness apps. Their installation count has crossed the 28 million mark. The code has been redesigned in such a way that it will be allowed to remain on a device for quite long. It will only get activated once a Facebook ad is clicked. “Deferred Deep Linking”, a Facebook SDK feature allows these apps to operate in such a way. After an ad is clicked, app will display more ads in the first hour, and then slow down gradually but the full screen ads continue to show up every 15-30 minutes after the hour, provided that the smartphone is unlocked.
Interestingly, the malware doesn’t operate effectively on Android devices with 8.0 version Oreo or above, according to Avast. The possible reason for it might be incompatibility with the apps’ background service management systems.
Avast reached out to Google in order to request the removal of these apps and a number of them have been taken down. However, the Tech Giant has yet to issue a statement.
Read next: Famous Hotspot Finder App in Google Play Store exposes Two Million Wi-Fi Network Passwords
Featured photo: Android / Instagram
Avast published a detailed blog post about its research and claimed that these apps are connected to each other via third-party libraries which are capable of bypassing security checks in the latest Android versions. With the help of these libraries, these apps make the device slower and bombard the users with ads, which is against Play Store guidelines. Sometimes, users will also be tricked into downloading more adware-filled apps.
The app malware goes by the name, TsSdk and two versions of it can be spotted on Play Store. The earlier version which has been installed over 3.5 million times, came along with game, fitness and photo related apps. After getting installed, these apps would add shortcuts to various pages and centers on the home screen of Android. Not only this, the apps were also found capable of automatically installing additional malware.
The recent versions of TsSdk can be found in music and fitness apps. Their installation count has crossed the 28 million mark. The code has been redesigned in such a way that it will be allowed to remain on a device for quite long. It will only get activated once a Facebook ad is clicked. “Deferred Deep Linking”, a Facebook SDK feature allows these apps to operate in such a way. After an ad is clicked, app will display more ads in the first hour, and then slow down gradually but the full screen ads continue to show up every 15-30 minutes after the hour, provided that the smartphone is unlocked.
Interestingly, the malware doesn’t operate effectively on Android devices with 8.0 version Oreo or above, according to Avast. The possible reason for it might be incompatibility with the apps’ background service management systems.
Avast reached out to Google in order to request the removal of these apps and a number of them have been taken down. However, the Tech Giant has yet to issue a statement.
Read next: Famous Hotspot Finder App in Google Play Store exposes Two Million Wi-Fi Network Passwords
Featured photo: Android / Instagram
