More than a dozen adware apps have been found promoted on Facebook, resulting in a total of more than seven million downloads, experts warn.
McAfee researchers discovered the malicious mobile apps and aggressive advertising campaign on one of the world’s largest social media platforms and warned that users were at risk of attack.
The promised functionality was to optimize the mobile endpoint (opens in new tab) and get rid of spyware, adware and other malware (opens in new tab). Instead, the apps pushed ads, while also frequently changing their names and icons to stay on the victim’s device for as long as possible — including disguised as the Play Store itself.
Faking the Play Store
The apps managed to serve the ads by exploiting the Android component of Contact Provider, which means that every time the user installs a new app, the adware uses this subsystem and starts the ad serving process. As a result, the user believes that the ads were displayed by the newly installed app.
The adware apps also create a permanent service for displaying advertisements, and if the user terminates the service, it simply restarts.
Here are the apps that McAfee found to be malicious – they’ve all since been removed from the Play Store:
- clutter cleaner
- Power Doctor
- super clean
- Complete Cleanup -Clean Cache
- Fingertip Cleaner
- Fast cleaner
- Keep clean
- Windy Clean
- Carpet Clean
- Cool clean
- Strong clean
- Meteor clean
The apps have been downloaded by users around the world, with South Korea, Japan and Brazil being the hardest hit.
While Google’s removal of the apps is certainly a welcome move, it doesn’t help those who have already downloaded them. Until they are removed, these apps remain a nuisance for the users.
- These are the free and paid options for the best firewall (opens in new tab) software to stay protected online
Via: BleepingComputer (opens in new tab)