Prague, Czech Republic, September 22, 2020 - Avast (LSE:AVST), a global leader in digital security and privacy products, has discovered seven adware scam apps available on the Google Play Store and Apple App Store. The discovery comes after a child reported a TikTok profile promoting what appeared to be a suspicious app to Avast’s Be Safe Online project in the Czech Republic, which educates children on how to stay safe online.
Altogether, the apps have been downloaded more than 2,400,000 times and have earned the people or persons behind the scam more than $500,000, according to data from SensorTower, a mobile apps marketing intelligence and insights company, and are poorly rated with app ratings ranging between 1.3 - 3.0.
The apps, which pose as entertainment apps like games to “Shock your friends”, wallpaper apps, and music downloaders, aggressively display ads, or charge users between $2-10 USD. The apps either provide a simple game that just causes the device to vibrate, wallpapers, or music. Some of the apps are HiddenAds trojans, a type of trojan Avast reported on this summer that disguises itself as a safe and useful application but instead serves intrusive ads outside of the app, and hides the original app icon making it difficult for users to identify where the ads are being served from.
“We thank the young girl who reported the TikTok profile to us, her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place,” says Jakub Vávra, threat analyst at Avast. “The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed. It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them.”
TikTok Promotion
Many of the apps are being promoted on TikTok via at least three profiles dedicated to pushing the apps, one of which has more than 300K followers. In addition to the TikTok profiles, Avast researchers also discovered an Instagram profile promoting one of the apps, with more than 5K followers.
The iOS and Android apps appear to be developed by the same person or group. The links promoted on the social media profiles lead to the iOS or Android versions of the apps, depending on the device the link is being accessed from.
Avast has reported the apps to Apple and Google, and has reported the profiles to TikTok and Instagram.
How users can protect themselves
Carefully read reviews: Adware and scam apps can be difficult to recognize, as they are often disguised as entertainment apps like gaming apps, for example. Signs that an app could be a scam include low app ratings, and negative reviews, citing excessive ads or low functionality of the alleged app features. “In addition to the seven apps, we also noticed the app developers have more apps, with very low downloads and reviews, but the handful of reviews they have are extremely positive and enthusiastic, which can also be a sign that something is suspicious,” continued Jakub Vávra.
Question prices: Users should consider what they are paying for and if the price tag for an app makes sense considering what the app is offering. “Many of these apps offer basic or unrealistic features, like simple games that claim to shock players, or wallpapers for around $8, a high amount considering games and features like this are often offered for free by other developers,” says Jakub Vávra.
Check permissions: Before downloading apps, users should check the permissions the app is requesting and consider if they make sense for the app to function properly. “The Android app ‘ThemeZone - Shawky App’ requests access to a device’s external storage, which can include photos, videos, and files, depending on how the storage is used. Accessing external storage is not a must for a wallpaper app,” warns Jakub Vávra.
“It’s also important for parents to speak to their children about apps and what to look out for before downloading an app, or make it a rule for children to ask for permission before allowing them to download an app, to avoid potential unnecessary costs,” concludes Jakub Vávra.
Screenshots of the apps, and social media profiles can be found here.
Android Apps
Name of App (+ link to app store), developer name, rating
|
Number of downloads, revenue
(source: SensorTower)
|
Description of app behavior
|
ThemeZone - Shawky App Free - Shock My Friends
Developer name: Moteleb Inc.
1.3 rating
|
Downloads listed on Google Play: +100K
Downloads according to SensorTower: 418,000
Revenue according to SensorTower: $15,000
|
- Requests external storage via fake safety check screen
- User is shown an ad for a ‘Shock your friends’ minigame with a free trial button
- Upon clicking on the free trial offer, the user is taken to a payment gate asking for a weekly $8-10 subscription fee
- Once the user pays, the app is revealed to contain basic wallpapers and no ‘Shock your friends’ minigame
- The app continues to display frequent ads even after payment
|
Tap Roulette ++Shock my Friend
Developer name: Go Best
2.2 rating
|
Downloads listed on Google Play: +1M
Downloads according to SensorTower 1,700,000
|
- Requests permission to draw over other apps, which is then used to display device wide ads
- App actually includes a ‘shock your friends’ minigame, but doesn’t shock people, just causes the phone to vibrate
- Once a user plays the game, it activates the HiddenAds adware features and displays device wide ads while hiding the app icon
|
Ulimate Music Downloader - Free Download Music
Developer name: Go Best.
3.2 rating
|
Downloads listed on Google Play: +100K
Downloads according to SensorTower: 192,000
|
- Requests permission to draw over other apps, which is then used to display device wide ads
- Once a user plays a few songs, it activates the HiddenAds adware features and displays device wide ads while hiding the app icon
|
iOS Apps
Name of App (+ link to app store), developer name, rating
|
Number of downloads / earnings (source: SensorTower)
|
Description of behavior
(based on reviews so far)
|
Shock My Friends - Satuna
Developer name: Abdelsatar Abdalmotaleb
1.6 rating
|
Downloads according to SensorTower: 22,000
Revenue according to SensorTower: $157,000
|
- Charges $8 to supposedly shock user and friends
- Only causes the device to vibrate, doesn’t offer any other features
|
666 Time
Developer name: Abdelsatar Abdalmotaleb
3.0 rating
|
Downloads according to SensorTower: 10,000
Revenue according to SensorTower: $57,000
|
- Charges $8 to supposedly shock user and friends
- Only causes the device to vibrate, doesn’t offer any other interesting features
|
ThemeZone - Live Wallpapers
Developer name: Abdelsatar Abdalmotaleb
2.0 rating
|
Downloads according to SensorTower: 67,000
Revenue according to SensorTower: $246,000
|
- Charges $2 for animated background wallpapers
- Once purchased, the user has to pay another $8 to access ‘VIP’ animated backgrounds
- Based on user reviews, the backgrounds either don’t work as advertised
|
shock my friend tap roulette v
Developer name: Apps & Games Inc Unlimited Fun Free Games
1.6 rating
|
Downloads according to SensorTower: 44,000
Revenue according to SensorTower: $52,000
|
- Charges $5 to supposedly shock user and friends
- Only causes the device to vibrate, doesn’t offer any other interesting features
|
Tik Tok and Instagram Profiles promoting scam apps