More than 100 apps currently available on the Play Store are hiding adware already installed on millions of devices.
White Ops, a company specializing in cybersecurity, has published a study showing that 100 applications available on the Google Play store and downloaded by more than 4.6 million devices contain adware that broadcasts ads (Even if the app in question is closed).
Millions of infected smartphones
The new malware features silent advertisements on the user’s own device and pop-up advertisements on the user’s device. All affected applications share a code library called “Soraka” (from which the malware got its name) and a variant called “Sogo”.
Among the malicious applications discovered by White Ops is Best Fortune Explorer, an application released last September. Passed unhindered without being affected by antivirus scanning and already accounted for more than 170,000 downloads.
Adware overlooked in the Play Store
The mode of operation of Soraka is quite sophisticated. The code found in these infected apps indicates that a filtering system has been installed to determine if certain conditions have been met to display unwanted ads on the user’s device.
The advertisement page is not displayed immediately after installing the fake app. Soraka waits a bit before triggering to avoid detection by various antivirus scanning tools. When the user unlocks the screen, the ad still appears, but there are no open applications, which confuses the problem and prevents the user from identifying the underlying application.
In addition to a detailed description of how this adware works, White Ops publishes on its website a list of 104 Android applications (unfortunately little known) affected by Soraka.