Google has removed a number of malicious Android apps from the Play Store after multiple reports the programs were overloading user devices.
At least 38 Android apps were identified as threats, bombarding users with out-of-context ads and intrusive browser redirects.
The apps were reportedly developed by the same criminal group, which was able to get the services onto the official Play Store by disabling malicious adware functions inside the source code to get around Google’s security protections.
The apps were identified by security firm White Ops, which reported its findings to Google in order to get them removed.
Most were beauty-related or filter packages, including selfie apps or services that promised to add a number of filters over user images. Once downloaded and installed however, the apps bombarded users with intrusive adverts, repeatedly tried to open browsers to redirect to websites, and attempted to avoid being uninstalled by hiding their app icons.
Many of the apps appeared to be modified or amended versions of previous services, which had seen little pick up with users on the Play Store until they had the anti-adware code removed.
Although many were accepted into the Play Store initially, these original apps only normally lasted just over two weeks on the marketplace before being detected and removed by Google. In spite of their short shelf life, White Ops detected that the 17 apps were downloaded over half a million times in total.
In order to try and reinstate their apps, the developers adopted a number of measures to try and trick Google into re-accepting them – which primarily involved removing the malicious code entirely. This would trick the Play Store into clearing the apps, which, once uploaded, would have this code re-added through a data update.
This included using Arabic characters, including verses from the Quran, in place of English in the app source code, disguising malicious features.
All the apps have now been removed, with Google saying it will up scrutiny on suspicious additions such as those mentioned in White Ops’ report.