Once again, we need to pound the table on something that we have been adamant about for some time. Before you install any app from an unknown developer on your phone, check the comment section. In almost every article that we have written about malware-laden apps, you would have seen major red flag warnings from those unlucky souls who previously installed these titles.
The icons associated with these apps disappear from the launcher making them nearly impossible to uninstall
What brings this up is a report from British security firm Sophos
about 15 Android apps originally found in the Google Play Store that play ads on your device. This produces revenue for the bad actors, and with these app's icons disappearing after being installed, they become almost impossible to delete. Some will even change their identity to fool a device owner. At the least, 1.3
million phones have installed at least one of these apps. One title, Flash On Calls & Messages, was installed over 1 million times alone. Many of these apps were just published in the Play Store as recently as July.
How this adware works when installed on an Android phone
When one of these apps is installed, a message appears on the phone that reads, "This app is incompatible with your device!" The app then seems to crash and leaves you at Google Maps. This is done to make it appear as though the navigation app is the issue. The app's icon is then hidden in the launcher; sometimes this happens immediately, other times it will happen after a period of time. In addition, nine of the 15 apps used icons and names that could confuse the average smartphone user. One of the apps copied the Google Play Store name and used the same icon employed by the real Play Store listing. Others used generic-sounding names like "Update" along with an icon of the droidbug to make it look legit.
The apps had generic names and familiar icons to trick users into installing them
Now let us ask you something. Would you install an app after reading a comment that says, "Do not get this app. It is a virus. I just had to factory reset my phone." Obviously, you wouldn't. This warning was posted on the comment section belonging to one of the malicious apps. Sophos says that it warned Google about these apps in July, and the security firm believes that they have since been removed. The 15 malicious apps include:
- Flash On Calls & Messages
- Rent QR Code
- Image Magic
- Generate Elves-
- QR Artifact
- Find Your Phone
- Auto Cut Out Pro
- Background Cut Out
- Photo Background
- Background Cut Out
- Auto Cut Out
- Auto Cut Out 2019
Anyone looking at the comments section first would never have installed any of these apps on their device
Again, you can save yourself plenty of grief by checking out the comment section before you install an app from an unknown developer. A few of these apps were supposed to automatically remove the background from photographs. Two of them were related to scanning QR codes and one app was supposed to help you find your phone. These are titles that many smartphone users install without doing their due diligence. Google Play Protect is supposed to scan apps before and after installation looking for malware. But many of these bad actors are getting very clever in hiding their true intentions until it is far too late. And if you can't figure out a way to uninstall any of these apps, a factory reset might be your only option.
These apps were adware, designed to play revenue-producing ads on your phone