Google has removed 29 apps from the Play Store which were found filled with adware. These Android apps had over 3.5 million downloads on the Play Store.
White Ops’ Satori threat intelligence team discovered these 29 apps as part of their “CHARTREUSEBLUR” investigation. The word blur in the codename of the investigation is due to the fact that most of the malicious apps were photo editing apps which had a blur feature. As for the word “chartreuse” the team just found it fun to say and that the liquor is tasty.
These Android apps were found running out-of-context (OOC) ads which are said to be used to avoid detection. After the user installs any of these apps, the launch icons would immediately disappear from the phone. This made it difficult for users to remove the malicious app from their phones.
One such app with adware was the Square Photo Blur app. The Satori team tested this app and discovered a “hollow shell of an app” which managed to pass the Play Store security checks. The app obviously didn’t function as advertised and instead ran OOC ads on phones. Once the app was installed on the phone the launch icon disappeared and there was no “open” function on the Play Store either.
Ads that popped on up through these apps happened within intervals of only a few seconds. Also, almost every action the user performed on their phone triggered a code in the app for ads to pop-up. Some of these actions include unlocking the phone, uninstalling an app, charging the phone or even switching from mobile data to Wi-Fi. The ads pop up and occupy the whole screen of the phone. It’s not just ads though. The Square Photo Blur app even managed to launch an OOC web browser randomly.
29 Android apps have been identified with this malicious adware. But there could be more in the future. You can find the full list of apps here and uninstall them. The Satori team also advises to look out for hints like – reviews of the apps mentioning ads popping up all the time, apps disappearing after downloading it, a lot of 5-star reviews but recent ones are mostly 1-star, app doesn’t work as advertised, app received a lot of downloads in a very short time. Some of these points can act as indicators that the app is probably a malicious one.
