“And a child shall lead them.” That well-known phrase has been applied to many situations, so much so that it’s hard to imagine new ones where it might apply.
This is 2020, however, so of course it deserves a new twist. And so it did, when a young girl discovered an extensive Adware Scam App campaign on iOS and Android devices that was being promoted on both Instagram and TikTok.
Adware Scam App on iOS and Android
Adware scams in general are well known, but on the Apple and Google app stores it’s a new attack vector. These kinds of apps tend to be everywhere, but usually they’re reported by security firms, hackers or computer specialists.
Not this time. According to representatives and researchers from Avast Security, the girl in question saw a TikTok profile that was promoting what appeared to be an abusive app and reported it.
The reach of the apps in question was more than a little surprising as well. Avast says it has identified seven adware scam apps available on both the iOS and Android app stores, which have collectively been downloaded more than 2.4 million times and have earned the people behind the scam more than $500,000.
It’s a slippery little piece of software, too. The apps typically pose as entertainment platforms, wallpaper apps, or music downloaders. Once installed, an app is difficult to get rid of, to the point where Avast has classified the apps as HiddenAds trojans.
That means the app is good at hiding, which makes it tough for users to figure out the origin of the ads in question. Some of the ads also have pricey offers for downloads ranging from $5-10 a pop.
Apps to Watch Out For
The malicious apps, which all seem to be developed by the same person or group, were:
- ThemeZone – Shawky App Free – Shock My Friends (Android)
- Tap Roulette ++Shock my Friend (Android)
- Ultimate Music Downloader – Free Download Music (Android)
- Shock My Friends – Satuna (iOS)
- 666 Time (iOS)
- ThemeZone – Live Wallpapers (iOS)
- Shock my friend tap roulette v (iOS)
Another aspect of this story that’s been previously reported has to do with the money being made by some of TikTok’s most popular users.
In this case, one user touting the fraudulent app had over 300K followers, which means that app was likely worth about $500K to that particular TikToker.
Not surprisingly, the app violated the terms of service agreements of both Google Play and the App Store, and it has already been removed from the former.
According to reports, however, some of the fraudulent apps are still available on the App Store, so perhaps the girl in question can be hired on as a sleuth to help the authorities and the good folks from Avast.
Some of the apps were also found on Avast’s Be Safe Online in the Czech Republic, which educates children on ways to stay safe online. That definitely adds another layer of irony to the girl’s detective work.
Adware Scam App Summary
But the scariest part of all is that it took a young girl to find it. And to anyone who cares about the integrity of what we’re seeing and downloading on a daily basis, that’s truly frightening.