Cybersecurity

Cybersecurity firm finds adware on official marketplace affecting millions

Kaspersky researchers have found that the number of applications capable of bombarding users with unwanted advertising is increasing on official marketplaces. Three new applications with adware modules were found on the Google Play store in a span of just three months, potentially affecting millions of users.

Adware is a form of unwanted software that displays ads to users and has been one of the most popular “not-a-virus” threats for years. The monetization methods used in such software can pose a threat to users, and yet bring in more revenue for developers due to greater viewership, with the latter adopting new techniques in order to make such ad modules harder to detect by both users and cybersecurity technologies.

While threats that target mobile users are usually distributed through various infected websites or unofficial app stores, income from such activities is appealing, leading to developers trying to expand the number of potential victims they can target. As a result, these applications are at times able to get onto official app stores, as was the case with the samples found by Kaspersky.


Cybersecurity firm blocked over 200k ransomware attempts vs small businesses in SEA

Critical Questions a Threat Intelligence Service should be able to answer


Recent discoveries have indicated there has been a potential rise in this method being used. Kaspersky researchers found three applications with inserted adware modules available on official marketplaces. One of them, a popular interactive questionnaire with millions of downloads, used a post-installation delay before showing ads that the researchers have also seen in other adware applications.

Delayed installation

This long delay from the installation of the application to the first advertisement appearing made it much harder for the user to find the culprit for all the ads that suddenly appeared on the screen. This technique is frequently used to trick automatic protection mechanisms, such as sandboxes in app stores. The developer of the interactive questionnaire application promptly removed the adware module once informed.

Other analyzed applications account for almost 100 million downloads. While carrying out their main functionality, they are also sending users half-screen ads as soon as the smartphone is unlocked, regardless of whether the app is running or not. At the time of this publication, developers of both of these apps have been contacted and have not responded to the requests to remove adware modules.

The spread of adware is not always carried out on purpose, and even legitimate applications can be vulnerable and end up spreading unwanted advertising without their knowledge. Most often this is due to the use of advertising software development kits (SDKs) and lack of testing an integrated advertising library. As a result, adware modules sneak into the final code of applications.

To protect users from adware Kaspersky recommends:

  • Promptly removing an application that is acting unusually and displays unwanted advertising;
  • Always check application permissions before installing the application to see what they can access and do on a device;
  • Use of a reliable mobile security solution, such as Kaspersky Internet Security for Android, that can help detect a variety of threats, including adware