Malware on Android is nothing new, but this time adware has taken over Google Play with approximately 10 million downloads. Avast researchers have identified three apps that might have millions of downloads. The apps identified are the “Durak card game” app, the “IQ Test” app and the “Russian History” app, from three different developers, all performing the same adware installation.
The Durak card game app alone has 5 to 10 million installs, and the three apps combined have more than 15 million installs, according to the data on the Google Play Store.
The scareware tricks the user into installing an app with the warning message “WARNING!! YOUR DEVICE IS INFECTED”.
Once the app is installed on a user's Android phone, it displays ads disguised as warning messages whenever the user uses the phone, according to the Avast blog post.
“When you install Durak, it seems to be a completely normal and well working gaming app,” says Avast researcher Filip Chytry. “This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device.”
The researcher saw different kinds of behavior, and one of them was prominent. After 30 days, users saw a sudden increase in the frequency of ads appearing on the infected Android smartphone. Every time a user unlocked their device, they would see ads that often said their phone was infected or needed an update. If the user chose to approve the message, they were either signed up for premium SMS or made to install apps that collect user information.
Surprisingly, some ads even pointed to legitimate security websites or Google Play, which hints at social engineering. Either way, the malicious app was one of a kind, and the three apps combined had approximately 15 million downloads, of which Durak accounted for around 10 million.