New mobile Adware attack has been noticed by Researchers, dubbed as Lights Out, in at least 22 illegitimate Android flashlight and utility apps on Google Play Store.
These apps have now been removed from the Play Store, but prior to removal, these apps have been download mostly from Store.
Initially thought to be 600,000 users, the number of Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million.
How Adware Attack Android Users
- When User download any of these apps from google play store, the user is allowed to disable the ads from an illegitimate website and disable the options from settings, which would get overridden by the malicious script and the app icon gets hidden so as to prevent its deletion from the device.
- Then users make a calls for some Info care than after disabling the call the ads appear automatically and the malicious script starts running through that Light Out application.
- As per researchers, some ads forced a user to answer their calls and perform other activities while some noted that despite installing the ad-free version of the Android app, the malicious ad activity continued. Afterwards, Google was informed to remove the suspicious apps.
It shows how the infected app offered a checkbox and control panel to the user for enabling or disabling different services such as ads.
After different actions such as ending of a call, unlocking of the home screen, plugging in of a charger or enabling of Wi-Fi connection, and displaying event got triggered.
The ads were not directly linked to Lights Out activity and the app icon was also hidden, therefore, users were clueless about what was causing them to appear. Resultantly, the device gets bombarded with ads and the user has no other choice but to interact with the malicious ads, even to perform the most basic functions, such as to answer a phone call.
“Despite the vast investment Google has recently made in the security of their App Store.
‘Lights Out’ reminds us once again that users need to be wary of downloading from App Stores and are advised to have protection while using them.
Many Users are still unaware of malware installing the suspicious app from play store. Users should also be aware of different malware and malicious script.
The malicious adware campaign was reported by Check Point on January 5. The company noted that in order to prevent such campaigns from invading our mobiles, it is important to firstly, download apps cautiously and carefully, secondly, to have advanced a mobile threat protection software installed apart from anti-virus software.
Learn How to secure your Android Devices, Join Ethical Hacking course, Enroll Now