Multiple Android apps infected with adware; 30 million users affected

Cyber forensics course specialists report the presence of adware in at least 50 Android applications available on the official Google Play Store platform. In some cases, adware is capable of displaying full-screen ads and bringing the user to download sites for other applications.

There is one element in common between these applications: they all use Android libraries developed by third parties that eliminate service constraints in the background, a feature of the newer versions of the operating system.  While dodging these features is not a practice banned by Google Play Store, applications that use these libraries slow down the device and generate an increase in the battery consumption of the device, so they are under the scrutiny of cyber forensics course specialists.

Researchers have identified this adware as “TsSdk” and claim it was installed around 30 million times before being removed from Play Store for the first time. During the investigation, two versions of adware were found in the Play Store:

  • Version 1: Is the oldest version of adware and was installed more than 3.5 million times; This malware was hidden in not very complex apps (games, fitness monitors and photo editors)
  • Version 2: This version was installed around 28 million times and was in fitness and music monitoring apps

According to cyber forensics course specialists, version 1 of adware has no complex development and is easy to detect; In addition, some variants contain code to download other apps. On the other hand, developers seem to have invested more effort in version 2, because their code is better protected and has an encryption of Tencent, which makes it more difficult to decompress. 

The behavior of this adware is somewhat unusual; Applications only display ads consistently for the first four hours after installation. After that period, ads are shown much less often.

Finally, specialists of the International Institute of Cyber Security (IICS) commented that adware does not work on Android 8.0 because of the way in which the services in the background are managed in this version of the operating system; This did not reduce the impact of adware, as it is estimated that about 80% of Android users run some of the previous versions.