"Researchers Find 35 Adware Apps on Google Play"

Security researchers at Bitdefender warn about malicious applications hiding on official mobile app stores after finding dozens of them on Google Play.  The researchers identified 35 in total by using behavioral analysis technology to scan the marketplace.  They totaled over two million downloads.  The researchers warned that the apps perform various malicious activities to achieve persistence on the user's device and bombard them with advertising, but could also be a conduit for malware.  The researchers stated that many legitimate apps offer ads to their users, but these ones show ads through their own framework, which means they can also serve other types of malware to their victims.  The researchers noted that most of the time, users can choose to delete the application if they don't like it.  However, these new malicious apps trick victims into installing them, only to change their name and icons and even take some extra steps to conceal their presence on the device.  The researchers noted that the users can still delete them at will, but the developers make it more difficult to find them on the affected devices.  A "GPS Location Maps" app was the most popular of the bunch, garnering over 100,000 downloads but no reviews.  Immediately after downloading, it apparently changes its label from "GPS Location Maps" to "Settings" and also changes its icon, making it more difficult for users to find and uninstall it.  Then the developer also used heavily obfuscated code and encryption to make reverse engineering more challenging for researchers.  Other techniques observed by the researchers to hide the adware include ensuring the apps don't show in the list of those most recently used on Android.  The researchers noted that some apps also request permission to bypass the battery optimization feature so they don't automatically get shut down by the OS.  The researchers stated that although the official developer names linked to these 35 apps are all different, they noticed that the email addresses and websites associated with them appear similar, indicating they're the work of a single entity or individual.

Infosecurity reports: "Researchers Find 35 Adware Apps on Google Play"