Protecting your smartphone from malware can sometimes be a complicated and worrying process. Luckily, avoiding much of the malware and adware aimed at Android users is as simple as being careful about where you download apps for your Android smartphone. For instance, a malicious adware campaign that targeted Android users in more than 20 countries went after people who believed they were downloading trusted, popular apps. In reality, they were downloading repackaged titles that use familiar icons to disguise themselves. After installation, these apps use root exploits to attack the device and gain a permanent hold on it.
There are a few different ways that you can end up downloading such an app on your smartphone. Luckily, they’re all avoidable if you know what you’re looking for. Read on for a short overview of each and to learn how you can protect your Android device from malicious adware.
1. Third-party app stores
The adware campaign exposed last year starts when the attacker uploads the malicious app to a third-party app store. Third-party app stores are prevalent throughout the Android ecosystem, but are notorious for being the source of many threats to Android smartphones’ security. Google’s vetting of apps for the official Google Play Store isn’t perfect, but it provides a level of protection that isn’t available elsewhere. If you’re looking to protect yourself, then the solution is simple: don’t download apps from third-party app stores.
When you first launch an infected app, it collects information about your device and uploads it to the ad server. From there, it “pervasively” serves ads from the background, and you’ll see ad banners regardless of what you’re doing on your phone. Victims have even reported seeing ads pop up while on the Android home screen. The upshot: it’s not worth the risk to download an app from a third-party app store.
2. Download links on websites
The attacker promotes the apps via download links on the web, as well as ads in other apps (more on those in a minute). So even if you never use a third-party app store, you could see an ad for a malicious app while you’re browsing the mobile web and searching for something else. What makes the malicious apps misleading is that they’re repackaged with a name and an icon you might trust, since they mimic safe Android apps that you may have already installed on another device.
The adware campaign uncovered last year demonstrates that you can’t be too careful when clicking download links on websites you don’t know or trust, and that you shouldn’t download apps from locations other than the official Play Store. Once they’ve been installed, the apps exploit as many as eight different Android vulnerabilities to gain deep root access privileges. After that, the apps launch code libraries that mimic legitimate Android services in order to gain a permanent hold on the infected phone. To avoid infecting your phone in the first place, avoid clicking on dodgy links. It’s worth the extra time to open the official Google Play Store and search for the app you want if it’ll help you avoid an irreparably infected phone.
3. In-app ads
Another way for attackers to get people to download the malicious app is to promote it via advertisements in other apps. Ads in your favorite game or utility app may seem merely annoying, but most users don’t know that idly clicking on one, even out of simple curiosity, can lead them to an app that exponentially increases the number of ads they see on their phones. That app can also use its root access to make other changes to how the software works behind the scenes. Again: you shouldn’t download apps from ads, or from any sources other than Google.
In an investigation of the campaign discovered last year, researchers learned that the code used its root access privileges to uninstall the (legitimate) Lookout antivirus app, which might even indicate the attacker’s intent to carry out further attacks. Whether a campaign’s capability ends at uninstalling an app or there’s more to come, it should serve as a strong reminder to be careful about where you get the apps you download to your phone.
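If you want to check which apps on a phone did not come from the Play Store, the following added example (not part of the original article) parses the output of `adb shell pm list packages -3 -i` and lists every user-installed app whose recorded installer is not Google Play. The sample output and `com.example.*` package names are constructed, and treating `com.android.vending` as the only trusted installer is an assumption you can adjust.

```python
import re
import sys

# Assumption: only the official Google Play Store counts as a trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -3 -i` output looks like:
#   package:com.example.app  installer=com.android.vending
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<installer>\S+))?$")

# Constructed sample output; package names are placeholders, not real apps.
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null

package:com.example.game.free  installer=com.example.thirdparty.store
package:com.example.weather
"""

def parse_packages(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and any adb warnings
        installer = match.group("installer")
        # pm prints the literal string "null" when no installer was recorded.
        result[match.group("pkg")] = None if installer in (None, "null") else installer
    return result

def sideloaded(text, trusted=TRUSTED_INSTALLERS):
    """Return (package, installer) pairs not installed by a trusted store."""
    found = [(p, i) for p, i in parse_packages(text).items() if i not in trusted]
    return sorted(found, key=lambda pair: pair[0])

if __name__ == "__main__":
    # Pipe real adb output in, or run with no input to see the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for package, installer in sideloaded(data):
        print(f"{package}: installed by {installer or 'unknown source'}")
```

An app on this list is not necessarily malicious, but each one is worth confirming as something you installed on purpose.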