- Adware apps were being pushed through TikTok and Instagram
- The apps aggressively display pop-ups that charge users money for certain features
- The scam apps have earned their creators around $500,000
Seven malicious adware scam apps have been identified by cybersecurity researchers at Avast. These apps have been downloaded by around 2.4 million Android and iPhone users from the Google Play Store and Apple App Store, respectively, and have earned their creators around $500,000. Notably, the apps were being pushed through popular TikTok and Instagram profiles.
According to a blog on Avast, the team found at least three profiles that were aggressively pushing the malicious apps on TikTok. One of the profiles on TikTok has more than 300K followers. The researchers also found profiles on Instagram, one of which has over 5,000 followers, promoting the apps. Avast has managed to identify the seven adware apps and has reported them to Apple and Google.
ZDNet reports that the apps ThemeZone – Shawky App Free – Shock My Friends, Ultimate Music Downloader – Free Download Music have been removed from the Google Play Store. Meanwhile, Shock My Friends – Satuna, 666 Time, ThemeZone – Live Wallpapers, and shock my friend tap roulette v have been removed from the Apple App Store.
The team at Avast discovered that these apps are designed to target young people in the form of games, wallpaper, and music downloaders. The apps aggressively display pop-ups that charge users an amount ranging between $2 to $10 for additional services. Some of the apps display ads that take up the whole screen, forcing the user to click them. Both methods allow the creators to generate revenue.
Avast also notes apps that are HiddenAds trojans, which means they appear legitimate in order to bypass the Android and iOS app stores but exist to serve up advertisements outside of the app. “The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed,” said Jakub Vávra, threat analyst at Avast.
While most of the malicious apps have now been removed from the Google and Apple app stores, you should uninstall them if they’re present on your device. Vávra adds that users can spot malicious apps by taking a moment to understand whether the app needs the permissions it is asking for.
“So rather than just tapping “Allow,” the next time a new app asks for certain permissions, take a minute to think about whether or not it really needs that access. Does a weather app need to access your microphone? Nope. Does a wallpaper app need to access your storage? Nope. That’s a sign the app is likely a scam.”