Google Deletes Play Store Apps—What You Do Now
It’s time to hit delete
AFP via Getty Images
Google’s Play Store is changing — in fact, the entire Android app ecosystem is changing. A year from now, the world’s most popular mobile OS will be more like Apple’s iPhone than ever before. But maybe those changes don’t go far enough.
A new Android warning this week makes stark reading. The numbers are staggering. A “sophisticated” fraud campaign across 224 apps “collectively downloaded from Google Play more than 38 million times across 228 countries and territories.”
The new threat intelligence comes from Human’s Satori. It’s the latest outing of the vast ad and click fraud networks that trick users into installing apps that force display ads and bill advertisers at scale, often making a phone essentially unusable as they do so.
Dubbed “SlopAds,” the latest campaign introduced some novel trickery to evade detection. Users are lured by ads in messages and emails to install benign Play Store apps. These then download malicious add-ons to deliver the fraud.
The threat actors leveraged marketing analysis tools to check hows a user found their way to the Play Store app. If it was via an add, they assume it’s a regular user and install the malware. If it’s a direct navigation to the app within Play Store, they assume it’s a security researcher or analyst and leave the benign app alone on the device.
“This abuse of marketing attribution technology is a novel approach to ad fraud,” Satori says, “and underscores the growing sophistication of threat actors’ tactics.”
Google has confirmed that all the apps identified in this latest report have been deleted from Play Store. You must ensure Play Protect ie enabled on your phone — it should be by default, as that will protect you from the underlying threat.
If you have any of the apps installed, you should receive a Play Protect warning and a prompt to delete them. You can also check the list of apps — at least by package name — on Satori’s list. If you have a tendency to install trivial apps and leave them on your phone, you can skim the list. Clearly the best advice is not to do that.
Ad fraud may seem harmless when compared to malware and infostealers. It’s not. These campaigns net millions of dollars and there’s genuine technical sophistication in how they operate. Here, by way of example, malicious installs were hidden in images downloaded to the phone using steganography. That’s a non-trivial exercise.
Satori warns “the sophistication of SlopAds suggests the threat actors will likely adapt their scheme again to try to continue to defraud the digital advertising ecosystem.”