Symantec researchers have discovered a pair of Google Play Store apps with a combined 1.5 million downloads that use hidden click fraud adware that slows down phones and drains their batteries.
Specifically, the researchers have identified the apps as “Idea Note: OCR Text Scanner, GTD, Color Notes” and “Beauty Fitness: daily workout, best HIIT coach” from developer Idea Master.
The apps went unnoticed for 12 months before Symantec found and reported the issues to Google, which removed them from the Play Store.
While on people’s phones, the apps were able to change the entire structure flow of an .APK file. They also ran adware that was hidden from the user, so they were clicking on these phone-affecting ads without actually being aware. All the while, these ads would generate ad revenue for Idea Master.
“As threat actors generate ghost clicks and ad revenue, impacted devices will suffer from drained batteries, slowed performance, and a potential increase in mobile data usage due to frequent visits to advertisement websites,” Symantec researchers May Ying Tee and Martin Zhang wrote in a post.
“These apps went unnoticed on the Google Play Store for nearly a year, affecting roughly 1.5 million users before we uncovered their sneaky behavior. The apps’ use of Android packers and the unusual method of hiding advertisements adds a level of complexity for security researchers.”