Security researchers have discovered 7 scam apps on Google Play and Apple App stores which have been downloaded over 2.4 million times. Interestingly, a little girl in Prague, Czech Republic helped the researchers make the discovery.
A report by Avast explains that these scam apps followed typical adware scams, appearing to users as entertainment, wallpaper or music apps. The apps were promoted on social media platforms including TikTok and Instagram and mostly targeted kids.
It was only after a little girl reported a TikTok profile promoting one of these apps that the scam came to the notice of security researchers at Avast. The girl reported the promotion to Avast's Be Safe Online project in the Czech Republic. The initiative helps educate children on safe online practices.
"The apps, which pose as entertainment apps like games to 'Shock your friends', wallpaper apps, and music downloaders, aggressively display ads, or charge users between $2-10 USD," Avast explained in a blog post. The cyber security firm points out that some of the apps are HiddenAds trojans. This type of trojan disguises itself as a safe and useful application but instead "serves intrusive ads outside of the app, and hides the original app icon making it difficult for users to identify where the ads are being served from."
In its post, Avast pointed out that the apps had managed to make more than $500,000 or over Rs 3.7 crore, as per data from SensorTower. These apps are usually poorly rated in app stores, with ratings ranging from 1.3 to 3.0.
A frightening revelation made by Avast is that the apps were being promoted on TikTok "via at least three profiles" that were dedicated to pushing these apps to Android and iOS users alike. The post mentions that one of the three profiles had more than 300K followers. Another such profile was spotted on Instagram, with more than 5K followers.
"It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them," Avast mentions.
The same person (or group) is being blamed for developing these iOS and Android apps. Through the social media channels, the miscreants shared the link to the iOS or Android versions of the apps.
Avast says that it has reported the apps to Apple and Google, in addition to reporting the profiles to TikTok and Instagram. Google has confirmed the removal of the apps in question from its Play Store; Apple is yet to respond.
The firm further appreciated the awareness of the young girl towards the malicious apps. "We thank the young girl who reported the TikTok profile to us, her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place," said Jakub Vávra, threat analyst at Avast.