Facebook is pushing a host of super-dangerous Android malware

app security
(Image credit: Shutterstock.com)

More than a dozen adware apps have been found being promoted on Facebook, resulting in a total of over seven million downloads, experts have warned.

Researchers from McAfee discovered the malicious mobile apps and the aggressive advertising campaign on one of the world’s largest social media platforms, warning that users could be at risk of attack.

The promised functionality was to optimize the mobile endpoint and rid it of spyware, adware, and other malware. Instead, what the apps did was push ads, whilst also changing their names and icons frequently in order to stay on the victim's device for as long as possible - including masquerading as the Play Store itself.

Faking the Play Store

The apps managed to serve the ads by abusing the Contact Provider Android component, meaning every time the user installs a new app, the adware uses this subsystem, and begins the ad-serving process. As a result, the user thinks the ads were being served by the newly installed app. 

The adware apps also create a permanent service for displaying the advertisements, and if user terminates the service, it just restarts. 

These are the apps that McAfee found as malicious - all have since been removed from the Play Store:

  • Junk Cleaner 
  • EasyCleaner
  • Power Doctor 
  • Super Clean
  • Full Clean -Clean Cache
  • Fingertip Cleaner 
  • Quick Cleaner 
  • Keep Clean
  • Windy Clean 
  • Carpet Clean 
  • Cool Clean
  • Strong Clean 
  • Meteor Clean

The apps have been downloaded by users all over the world, with those located in South Korea, Japan, and Brazil, were most affected.

While Google removing the apps is definitely a welcome move, it doesn’t help those that have already downloaded them. Until they are removed, these apps will continue to be a nuisance to the users. 

  • Here are the free and paid options for the best firewall software to stay protected online

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.