Google Removes Adware-Laced Kids' Apps From Play Store

Google Removes Adware-Laced Kids' Apps From Play Store

Google has struggled for years to stay malicious applications from sneaking into the Play Store, but a replacement round of takedowns is highlighting the challenge of getting the matter in check. At the start of March, Google removed 56 applications that appeared benign but were tainted with adware. They'd been downloaded quite 1,000,000 times before.

While quite half the apps claimed to be benign utilities like calculators, translation tools, or cooking apps—common adware smugglers—24 were specifically targeted at kids. These flashy offerings, like puzzles and racing games, are a very pernicious way for attackers to urge malware onto more victim devices. Researchers from the safety firm Check Point disclosed findings of the apps to Google as a part of ongoing research into how hackers conceal and distribute malware on Google Play. and they are publishing details about the adware today.

"Since parents have the tendency to offer their devices to their children to play with, luring children to put in malicious applications may be a prominent attack vector to succeed in devices of adults," says Aviran Hazum, manager of mobile research at Check Point. "Most children do not have the understanding of vetting out applications."

Adware may be a longstanding mobile menace, but attackers have gotten particularly aggressive about disseminating it in recent months. The threat detection firm Malwarebytes found in an annual study that adware "reigned supreme" in 2019 because of the commonest threat on Android devices, Macs, and Windows PCs. Earlier this month, the antivirus firm Avast published findings that adware specifically accounted for 72 percent of all Android malware between October and December last year. And beyond Android, every platform seems to be scrambling to scale back the danger to users. Microsoft announced at the top of February, for instance, that its Edge browser would start specifically scanning for and blocking adware downloads by default.

The adware within the tainted apps was specifically designed to undermine Android's "MotionEvent" mechanism. App developers use this to acknowledge movements like taps and multi-finger gestures and gather information about them, like their coordinates on the screen in two and three-dimensional space. MotionEvent helps apps interpret these user inputs to respond accordingly. The adware, which CheckPoint calls Tekya, was manipulating these inputs to simulate users' tapping ads.

The researchers observed Tekya creating false clicks to get revenue from ad networks including Facebook, Unity, AppLovin, and Google's AdMob. Adware manipulates the ad ecosystem to form money for hackers by making it appear to be a military of users who have viewed and interacted with ads. Many of the 56 infected applications Check Point identified weren't just benign-looking utilities, but actually clones of legitimate applications meant to confuse users and lift the prospect that they might accidentally download the malicious version—like a fake Stickman game, and versions of Hexa Puzzle and Jewel Block Puzzle. The group also included a malicious PDF reader and a Burning Man-themed app.

Tea hides its abusive functionality during a foundational layer of applications. referred to as "native code," this a part of software packages is notoriously difficult to vet for malicious components.

Google confirmed to WIRED that it removed the apps earlier this month. the corporate has worked diligently to curb the influx of malicious applications in Google Play—conducting large-scale coordinated takedowns and developing expanded detection tools to catch more lemons during the Play Store vetting process. the corporate has even enlisted outside help within the war on malicious apps.

With quite 3 million apps in Google Play and many new submissions every day, though, it's still proved challenging for Google to identify everything. As long as it's relatively easy for fraudsters to create and spread malicious apps, though, they go to stay coming.