Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us


    Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.

    More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.

    As expected, shady developers are now taking advantage of Candy Crush, one of the hottest gaming apps in both social networks and Android.

    Recently, Candy Crush grabbed the top spot from FarmVille 2 as the most popular gaming app on Facebook. This boost in popularity, however, has its perils. In particular, Candy Crush’s popularity made it the perfect target for dubious developers and cybercriminals who want to lure and profit from fans of the game – similar to what happened with other popular mobile apps and games like Instagram, Bad Piggies, and Temple Run in the past.

    In a development that surprised no one, we discovered fake Candy Crush apps online, proving that cybercriminals are indeed hoping to capitalize on the game’s current trending status. These apps contain code for the Leadbolt and Airpush ad networks; apps containing said code were some of the most prevalent found last year. (We detect these as  ANDROIDOS_LEADBLT.HRY and ANDROIDOS_AIRPUSH.HRXV.)

    Figure 1. Screenshot and notification of fake app

    While not inherently malicious, adware can be abused by cybercriminals for their own gains. Adware not only uses aggressive advertising tactics such as persistent notifications, but also collects information about the user. This could be construed as a violation of the user’s privacy.

    We’ve predicted that malicious and high-risk Android apps will hit 1 million sometime this year. This may sound like a huge number, but considering the number of Android malware for 2012 exceeded our expectations and the continuous popularity of the platform, it’s very plausible. Our own researcher, Rik Ferguson, noted in his blog post that 293,091 apps were found to be malicious and of these, 68,740 were found on the official Google Play store. Around 22% of these malicious apps were found to leak information about the user.

    These figures can be daunting, but you can start small steps to protect yourself. For one, you make it a habit to read the app page e.g. app description, developer’s page, and comments. Comments can be a goldmine of information, since you’ll know what other users are saying about their experience with the app. Once you install any apps, make sure that you check out the permissions that they are asking for. For better protection, you can install security apps designed for devices, like Trend Micro Mobile Security Personal Edition, which can detect and delete malicious or high-risk Android apps.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Stan Jez

      Even so called legitimate apps can be sneaky. I use a particular app that records data related to blood pressure. During the process of logging in the login button drops down to be replaced by an add. I’ve inadvertently pressed the advert. Once in the advert there is no way of returning to the app other than force closing and starting over. Perhaps a bit of poor design…. but then again maybe not.

      • TrendLabs

        Hi Stan Jez,

        Agreed. While displaying advertisements is necessary for developers to monetize on their apps, it is unfortunate when they use means that involve “trickery” at some level.

        We generally do not consider the displaying of ads as malicious behavior. However, as mentioned above, some advertising platforms have been known to collect data from the devices, which breaches the privacy of the user.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice