Malicious Android apps downloaded 3 million times pretend to be the Chrome browser when installed

Malicious Android apps downloaded 3 million times pretend to be the Chrome browser when installed
Last week, Google announced that it was teaming up with mobile security firms ESET, Lookout, and Zimperium to create the App Defense Alliance. The alliance hadn't been announced when 49 new adware apps were first listed in the Google Play Store portraying themselves as games and stylized camera apps. Discovered by Trend Micro, these 49 apps have been downloaded over 3 million times.

The adware, like many of the other malware-laden listings we've recently written about, hide their icons making them almost impossible to uninstall. And they serve up full-length ads on the victim's phone creating a stream of revenue for the bad actor(s) involved. The only way to close an ad is to press the back button or the home button. The adware shortcut is disguised as the Chrome browser and even uses the same icon. When the icon is tapped on, it creates multiple shortcuts on the home page that show a full-page ad when selected. Some of these apps opened full-page ads as soon as the phone was unlocked while others showed the ads once the screen was tapped on (from any location). All of these ads will quickly drain the battery on a phone and hog memory resources. And even if a phone is running low on memory, it will continue to ruin the ads since they are shown in the foreground. Deleting the shortcut icons will not from the home screen will not delete the app. The only way to remove the app is to go into the phone's settings, open the applications section, find the app and delete it.

When it comes to the well being of your phone, we don't mind repeating ourselves; the best defense you have to protect yourself from downloading one of these malicious apps is to read the comments section before you install any title from a developer that you've never heard of. For example, here is a comment from one of the 49 apps that are the topic of this article: "Don't install this game!!! It's horrible. There are ads everywhere. Even when you are not using the app or you close it! That's the worst app ever. It doesn't appear in my phone but in Play Store says installed...DON'T DOWNLOAD THIS GAME." Now take into consideration that almost every comment for this app has something similar to say. That should be enough of a warning to have you running swiftly away from this app, or any app that has such a comments section.

Hopefully, the App Defense Alliance will be able to stay one step ahead of the bad actors who have been coming up with more and more ways to trick Android users into installing malicious apps. Late last month, we told you about a virtual keyboard app called ai.type that was sending text messages in the background once installed on a victim's phone. These messages were signing up the unsuspecting phone owner for premium games and other services at expensive rates that eventually appeared on his or her monthly invoice.

Last month we told you about a strain of malware that has the ability to reinstall itself even after a factory reset. Talk about a house guest that you can't get rid of! The hackers are constantly evolving their malware making it imperative that Google and its partners get ahead of them.



1. tbreezy

Posts: 167; Member since: Aug 11, 2019

Feels like there’s more of these every week at this point.

5. lyndon420

Posts: 6878; Member since: Jul 11, 2012

More idiots...yes. Why would someone download a Chrome browser when it's likely already pre-installed on an Android phone?! Also...ignore the comment section, and I suppose you get what you deserve...

2. irwan92

Posts: 49; Member since: Feb 12, 2013

This also happened at winwows. A stupid acts as chrome get installed and i can't get rid of it. Its start to show ads

3. Fellwalker

Posts: 542; Member since: Apr 04, 2014

Why can't those being paid for showing the ads be tracked down? The ad providing networks are also at fault and are getting a cut from every single ad that is shown. So it isn't in their interest to stop this fraud.
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.