In Google Play Store found nearly half a hundred of malware programs that mask under fitness applications

Specialists from Avast detected about 50 advertising applications that mask under applications for health and wellness and that in total wereunloaded more than 30 million times.

This list includes applications as Pro Piczoo, Photo Blur Studio, Mov-tracker, Magic Cut Out, Pro Photo Eraser and others with number of downloads from 1 thousand to 1 million.

All applications are bonded with each other through side libraries that bypass limitations for side services, realized in the latest Android versions. They show full-screen advertisement and in some cases with the use of tricks can force users install additional advertising software.

Researchers discovered in Google Play Store two versions of malware software under the name TsSdk. Older version of this application was uploaded 3,6 million times and in located in a shop between simple games, photo editors and fitness – applications.

After upload, both applications look legitimate but reflect on the main screen links on unwanted pages and link on Game Center that leads on page with various games. Applications show commercials with every return to home screen and sometimes download on the device unwanted programs.

 an example of one of the apps containing TsSDK
An example of one of the apps containing TsSDK

New versions of TsSdk found in section music and fitness-applications and were installed approximately 28 million times. Malware code was modified and masked and starts only after victim presses relevant advertisement on Facebook.

Facebook SDK function with the name «deferred deep linking» allows applications to fix, when user pressed the bottom. After pressing, applications reflects additional commercial during the first four hours, and after it rarely or less systematically. However, after unlocking a smartphone and every 15-30 minutes are demonstrated full-screen ads.

Malware does not work properly on Android Oreo 8.0 and later versions. Some of the malware applications are deleted from Google Play Store.

Tips to avoid adware from AVAST:

  • Install a trustworthy antivirus app. Antivirus acts as a safety net and can protect you from adware.
  • Exercise caution when downloading apps. Read app reviews before installing a new app, carefully reading both positive and negative reviews. Notice if reviewers comment on whether or not the app does what it says it will do. If an app’s review includes comments like “this app doesn’t do what it promises” or “this app is packed with adware,” – think twice about downloading the app! Reviews like this are a sign that something isn’t right.
  • Always carefully check app permissions, closely looking to see if they make sense. Granting incorrect permissions can send sensitive data to cybercriminals, including information such as contacts stored on the device, media files and insights into personal chats. If anything seems out of the ordinary or beyond what seems appropriate, the app should not be downloaded.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button