UPDATED 13:23 EST / JANUARY 05 2018

APPS

Millions of Android users downloaded malicious flashlight apps on Google Play

Proving that flashlight apps are still as sketchy as ever, Google LLC has removed 22 malicious flashlight apps from Google Play after cybersecurity company Check Point Software Technologies Ltd. discovered that the apps were loaded with adware.

Apps containing the adware, which Check Point calls “LightsOut,” had been downloaded by between 1.5 million to 7.5 million Android users before they were finally removed from Google’s store.

According to Check Point, LightsOut forces users to interact with ads before allowing them to answer calls or perform other activities on their device. The ads could be triggered by a number of different events, including ending a call, plugging in a charger, locking the device and  others. Check Point said that LightsOut could override user settings to disable the ads, and some users still saw the ads even after they paid for a supposedly ad-free version of the infected app.

“Despite the vast investment Google has recently made in the security of their App Store, ‘LightsOut’ reminds us once again that users need to be wary of downloading from App Stores and are advised to have a ‘Plan B’ in the form of an advanced mobile threat defense solution that goes beyond anti-virus,” Check Point said in a blog post. “Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights.”

Check Point’s discovery raises several questions about the effectiveness of Google’s security for its app store, and this is not even the first time that Check Point has informed Google about malicious apps on its platform. Check Point alerted Google in May about a malware named “Judy,” which infected up to 36.5 million devices. Less than two months later it alerted Google about another malware called “CopyCat,” which infected at least 14 million devices.

In interview with Fortune, Check Point security researcher Daniel Padon praised Google’s success in blocking more serious threats such as ransomware, but he noted that Google has trouble spotting subtler malware that users might not notice for some time. According to Padon, malware downloads on Google Play more than doubled between 2016 and 2017, and he encourages consumers to download security software for their devices.

Padon added that users should probably also stop downloading flashlight apps in the first place.

Photo: Blogtrepreneur via Flicker (license)

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.