LightsOut adware infects utility apps, bypasses Google Play Store checks

Saturday, 06 Jan, 2018

Malicious apps posing under names including Security Defender, Security Keeper, Smart Security, and Advanced Boost managed to slip past Play Store defences and onto the devices of Android users - it's likely that by offering a handful of useful services to users and obfuscating their malicious activities, the apps were able to pass the verification process by appearing to look like legitimate tools.

The publication also identified some of the apps that use their software to collect TV habits information from the users. If the user clicks the button to resolve the detected "Fraud SMS Broadcast Vulnerability", then the app will just show a simple animation illustrating that the problem has been 'resolved.' This way, the user will think the app is working and will not be suspicious of it, ' they noted.

Some users who downloaded the malware-laden Android apps were forced to click on ads to answer calls or perform other actions on their device.

Alphonso, in the meantime, maintains a veneer of virtuousness, asserting that their technology doesn't record people's conversations, and that the minutiae of their policy is clearly laid down in the app's description and privacy detailing. That may be true, but many people don't bother reading the fine print.

Pokémon GO returned to the top of the App Store charts on December 21 with the introduction of new augmented reality features, built on Apple's ARKit framework.

That's not all - the malware also bombards users with relentless advertising. The number of apps and games running the software is not thought to be negligible - estimates are around 1,000 - nor are they confined to obscure platforms; 250 or so are available to download from the titanic Google Play, with a smaller but not anomalous number on Apple's App Store. It had also emerged recently that mobile manufacturer OnePlus was providing information about its users to the Chinese government.

"The aggressive ads show up during many different scenarios - for example, after the app sends notices to unlock the device screen or if the user is told to connect to a charger", said Wu.

Since you obviously want to get a great app idea or dazzling development work in front of the largest possible audience, you need to know Android. A lot of parents will find this collection abhorrent as well as weird. Consequently, Google Safe Browsing tool will warn mobile users on apps and on websites leading to apps that collect a user's personal data without their consent.