Warning: Icon-hiding Android adware returns to the Play Market

Warning: Icon-hiding Android adware returns to the Play Market

A security firm has discovered fifteen risky apps on the Google Play Store. These harmful apps that have gone a stage further—literally “hiding their app icons in the launcher… or disguising themselves in the phone’s App settings page.” Shockingly, these apps have been downloaded by users more than 1.3 million times collectively. Many of these apps were published in the Google Play Store as recently as July. These dodgy apps seem like utility apps, but they are the adware that automatically generates large and intrusive ads onto our device.

According to a report by the firm SophosLabs, after installation, these malicious adware apps don’t even show up as icons in the launcher, which makes it very challenging for users to identify, detect, and delete them. Initially, it was reported that some of these apps showed a misleading error with the message saying that the app is not compatible with the device when the user tries to launch them. On the other hand, the app runs in the background and generates frequent, large intrusive ads. These apps hide their app icons in the launcher to make it difficult for the user to find and remove them.

“If history is any indication,” Sophos warns, “there are likely many more waiting to be found.”

In brief, these malicious apps trick users into installing them to perform a trivial service. The app disappears from view, but it is running, disguised under a system name, making it impossible to detect and stop without effort. If these apps aren’t visible, then they won’t elicit the user’s concerns, and consequently, they become more challenging to delete without making an effort to detect them. That is the theory. But now those apps have been exposed. Users are urged to root these apps out, stop them, and delete them completely.

Let’s be clear, free apps that deliver ads in their unpaid versions might be irritating, but they’re not necessarily fraudulent. But here we are talking about apps designed to deliver ads—it’s their sole purpose. It is the direct opposite of free apps; the ads are the focus, and the app itself a wraparound.

Nine out of fifteen apps deliberately used icons and names to set out to fool people into thinking they were system applications required for their Android device. These apps include image editors, QR code scanners, and a phone finder.

“The app icon is still visible in the phone’s ‘gear’ Settings menu, under Apps,” Sophos explained.

Here are the fifteen apps exposed by Sophos.

These malicious apps have been removed from the Google Play Store. But, 1.3 million users already have them on their phone running in the background without their knowledge. We strongly advise everyone to carefully sift through your child’s Android devices and remove any of these applications at once. The mere presence of these applications can have potential security and privacy leaks that parents would want to avoid at all costs.

Here is the full list of packages to look out for:

App Package Name Installs Published Date
Flash On Calls & Messages free.calls.messages 1,000,000+ Jan 2019
Read QR Code com.a.bluescanner 10,000+ May 2019
Imagine Magic com.bb.image.editor 10,000+ May 2019
Generate Elves com.cc.image.editor 100,000+ June 2019
Savexpense com.d.bluemagentascanner 10,000+ June 2019
QR Artifact com.doo.keeping 1,000+ May 2019
Find Your Phone: Whistle com.e.orangeredscanner 10,000+ July 2019
Scavenger — speed guard com.hz.audio 10,000+ June 2019
Auto Cut Out Pro cos.mos.comprehensive 10,000+ April 2019
Background Cut Out com.garbege.background.cutout 10,000+ July 2019
Photo Background com.hanroom.cutbackground 50,000+ July 2019
Image Processing com.jiajia.autocut.photo 100,000+ July 2019
Background Cut Out New com.jiakebull.picture.background 50,000+ July 2019
Auto Cut Out com.fruit.autocut.photo 10,000+ July 2019
Auto Cut Out 2019 com.huankuai.autocut.picture 10,000+ July 2019

Andrew Brandt, a principal researcher at Sophos, warns that “while these apps have been removed from the Google Play Store, there may be others we haven’t yet discovered that do the same thing.”

He also explained that if the user suspect wants to check against the published list, tap Settings >> Apps & Notifications. At the top of this page, there will be a list of most recently opened apps. If you observe any app using the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names, for instance Back Up, Update, Time Zone Service, tap the generic icon and then click “Force Stop” followed by “Uninstall.” One thing to notice here is that if these are real system apps, they won’t offer an “Uninstall” option; in fact, they will have a “Disable” option.

Lastly, the typical advice is applicable here. Try to avoid trivial utility apps just because they seem beneficial and free – they are free for a reason. Even if the downside is simply unwanted ads, the fact is such dodgy apps can be riskier than that. Also, you can save yourself by checking customer reviews before installing an app from an unknown developer. Given how much personal information we carry on our smartphones, don’t leave the backdoor open to anyone with a free install.