According to Ars Technica
, a tip given to researchers by a child led to the discovery of adware and other apps designed to rip-off the public. These apps were listed on both the Apple
App Store for iPhone units and the Google Play Store for Android devices. These particular titles have been installed over 2.4 million times and pretended to offer features such as wallpaper images, entertainment content and streams, and downloads of music. Some of these apps served up ads even when they weren't open. These are called HiddenAds trojans that disguise themselves as useful apps, and they are. They are useful to the bad actors who collect revenue from serving the ads to victims.
It took a child to find malware installed over 2.4 million times
Why not simply uninstall these troublemakers you ask? The answer is a simple one. The icons are hidden so that users can't figure out how to get rid of them. Besides delivering adware, some of these apps also charge $2 to $10 for useless in-app purchases which have generated $500,000 in revenue to date according to estimates from app analytic firm Sensor Tower.
This so-called free app, found in the Google Play Store, charges as much as $10 per week for a subscription
Some of these spam/scam apps were promoted by a trio of TikTok users, one of whom had 300,000 followers. The short-form video app, the subject of much drama between the Trump administration and the app's parent company ByteDance, played a pivotal role in the discovery of these apps. A girl happened to find a profile on TikTok that was promoting one of the "abusive apps" and reported it to the Czech Republic's Be Safe Online project which is supposed to help children in the region stay safe while online. While you are pondering that irony, the tip led researchers from security firm Avast to do some digging of its own and it found 11 apps running iOS and Android that were involved in these scams.
Avast threat analyst Jakub Vávra
, said in a statement, "We thank the young girl who reported the TikTok profile to us, her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place. The apps we discovered are scams and violate both Google's and Apple's app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed. It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them." Avast also discovered an Instagram profile with over 5,000 followers promoting these apps.
Some of the apps, as we pointed out, were hyped on TikTok and Instagram and included links that led back to their listings in the App Store or Google Play Store. And that brings us back to what we call our early warning system that can help you avoid installing malware. Simply look at the reviews and if you see multiple low-star comments calling an app adware, malware, or something even worse, just leave it alone. The apps that we are writing about in this article had scores averaging 1.3 - 3.0.
Avast's Vávra is concerned about the youngsters who come across promotions for these apps. "It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them," he said. Avast says that it has notified Apple and Google
about the malware found in their respective app storefronts. The research firm also notified TikTok and Instagram about the accounts doing the promoting of these apps.
Avoid or uninstall the following apps:
Google Play Store:
- ThemeZone - Shawky App Free - Shock My Friends
- Tap Roulette ++Shock my Friend
- Ulimate Music Downloader - Free Download Music
- Shock My Friends - Satuna
- 666 Time
- ThemeZone - Live Wallpapers
- shock my friend tap roulette v