IT security researchers at Malwarebytes have discovered aggressive adware on the Google Play Store that poses as a PDF reader. However, it also displays full-screen advertisements when users are not using it.
The app appears to be a pure slingshot of spam. Malwarebytes researcher reports that after installing it from the app store, it takes a few hours for the first ads to appear. Adware writers want to make it more difficult to track down the offending application. However, after a few hours, the smartphone even reports acoustically and plays a notification tone. After unlocking the screen, a full screen advertisement covered the screen; sometimes even promotional videos.
Good Ads SDK, Bad Ads SDK
The logs showed that the adware developers’ own Ad SDK loaded and displayed these ads. Ad SDKs are pre-built ad libraries that app developers can connect to. They generally only display ads within the app being used, within acceptable limits, and generate revenue for the app developers; this is often what makes free versions of the app possible.
However, thanks to its own ad SDK, PDF viewer developers are not subject to the usual restrictions and therefore can display aggressive advertising. However, then it is an adware. That means the well-known category of malware.
Warning sign in app properties
However, some properties of the app are already negatively noted in the app store. Malwarebytes researchers find the name of the developer, for example fairy games suspicious: why would such a company develop anything other than games? In addition, the application was marked with the age group “Over 17 years”. A PDF reader shouldn’t have an age limit. have in the meantime ad app developers also adjusted this.
What is also striking is that with more than a million downloads, around 1,500 reviews were submitted, of which only five also contain a text. According to them, the application does not even display PDF files, but offers to save them. Other users complain about the spammy nature of the app.
Currently, the app can still be found on the Google Play Store and can still be installed. However, Android users should be aware if you have “PDF Reader: View Documents” by Fairy games on your phone. The package name is com.document.pdf.viewer. The malicious app can be quickly uninstalled through the app info or app list in the smartphone settings. In the Malwarebytes report there are some more details.
From time to time, apps with malicious intent appear in the app store. About a month ago, Google released eight apps with more than three million downloads from the store that scammed users into signing up for premium services. A week ago, Bitdefender detected 35 malware apps with more than two million installations, which Google subsequently banned from the Play Store.
(DMK)
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.
