Cyber Security Threat Summary:
“The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a phone's screen was off, running down a device's battery. McAfee's Mobile Research Team discovered the malicious Android apps and reported them to Google as they violated Google Play Store's policies. Google subsequently removed the apps from Android's official store. The applications were mainly media streaming apps and news aggregators, and the target audience was predominately Korean. However, the same deceptive tactics could very easily be applied to other app categories and more diverse user demographics. While these applications are considered adware, they still pose a risk to users as they open the door to potential user profiling risks, exhaust device battery life, consume significant internet data, and perpetrate fraud against advertisers” (Bleeping Computer, 2023).

Security Officer Comments:
According to McAfee, the Google apps are impersonating TV/DMB player, Music Downloader, News, and Calendar applications to get downloads. To deceive end users who install the applications, the apps will wait several weeks before activating their ad-fraud activity. Although Android has a power-saving feature that places apps in standby mode when the device is not being used, McAfee noted that the malicious applications will request users to exclude the apps from the power-saving system, in turn allowing the applications to load advertisements and generate revenue even when the device’s screen is off.

Suggested Correction(s):
When installing applications from the play store, looking at the user reviews and ratings can help determine the authenticity of the application. Furthermore, certain apps will request more permissions than required to function as intended. In general, it’s safe to avoid installing such applications, especially those requesting to be excluded from Android’s power-saving system.

Link(s):
https://www.bleepingcomputer.com/