Android VPN apps found serving disruptive ads

A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store.

While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of these apps were currently open.

It is also worth noting that all of these apps originate from either Hong Kong or China where VPN usage tends to be higher than in other countries due to China's Great Firewall and the ongoing protests in Hong Kong. While three of the four apps provide VPN services to users, Security Master is an antivirus app.

All of the apps found to be showing disruptive ads by Andy Michael are still available on the Play Store at the time of writing.

Adware apps

In addition to APIs from Google and Facebook used to show ads, Michael's investigation also found that Hotspot VPN also contained obfuscated code which is used to show full-screen ads regardless of whether or not the app is currently open which results in significant battery and CPU usage. This app's name also resembles the legitimate VPN, Hotspot Shield and its developer likely chose this name as a way to trick unsuspecting users into downloading their app instead.

Free VPN Master was found to share the same code for serving Google ads and its APK file has the same code structure and files as Hotspot VPN. According to Michael, both apps are identical apart from slight modifications in their code.

Secure VPN though was the worst offender as it served ads when users had other apps open and even overlaid them on top of user's home screens. The app also contained references to code that recorded activities such as when an ad was displayed, clicked on or dismissed by the user. Security Master on the other hand, used more sophisticated behavior to show ads when users tried to go back to the home screen or when certain buttons were clicked.

Android users are constantly warned to avoid installing apps from unknown sources but when they can't even trust Google's own Play Store to find legitimate apps, there is a serious problem.

Via TNW

How It works

Search Crack for

Latest IT News

Oct 22
Whatever the question, data is the answer, Splunk CEO says.
Oct 22
Microsoft and SAP have struck a deal which will help SAP customers move their data to the cloud.
Oct 22
Your Privacy Protections Report reveals what the browser is doing to keep you safe, and helps you protect yourself too.
Oct 22
Don’t get too excited, though, because this update isn’t the same as Microsoft’s normal biannual feature upgrades.
Oct 22
We might not have to wait too long for Photoshop to release on iPads, although it might not be the 'full' experience yet.
Oct 22
The browser gets a fun new look, plus Bitcoin support for the built-in crypto wallet.
Oct 21
While the store may have been revamped substantially, it seems to have disappeared from the taskbar…

Latest cracks