View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 9, 2015

Fake Android apps lure users with game cheats

News: These malware pose as popular game cheats and then flood the user's Android handset with advertising.

By CBR Staff Writer

Fake Android apps misguide users by posing as popular game cheats and have been installed more than 200,000 times in a single month, according to IT security firm ESET.

Identified as Android/AdDisplay.Cheastom, the apps can evade detection by Google Play store security technology, Google Bouncer.

Security researchers from the firm have pointed out that once installed, the apps then aggressively display adverts every 30-40 minutes thus slowing down the normal use of Android devices.

The apps have been found to appear as popular game cheats including Cheats for Pou, Guide for SubWay and Cheats for SubWay, ESET said.

The fake apps also contain self-preservation code which makes their removal complicated.

ESET malware researcher Lukáš Štefanko said: "These aggressive ad-displaying apps attempt to hide their functionality from security researchers by deploying techniques, which succeeded in being downloaded over 200,000 times in a single month.

"The anti-Bouncer technique used by these apps obtains the IP address of a device and accesses its WHOIS record.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"If the information returned contains the string ‘Google’, then the app assumes it is running in Bouncer.

"Should the app detect an emulator or Google Bouncer environment, the ads are not displayed. Instead, the app will simply provide game cheats, as expected."

Following ESET’s notification, Google has removed these unwanted applications from the Google store.

Štefanko said: "Although it’s good that Google removed the apps from the Android Google Play store after we informed them of the issue, it is clear that more attempts will be made to bypass Bouncer and spread apps containing undesirable code."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.