Malicious Google Play apps that discredit battery by displaying ads, using special tricks to make things seem legitimate and not recognized by Google Play.
Researchers have recently found that some apps on Google Play overcharge ads that drain a user’s battery, even when they’re not running. These apps use special tricks to avoid being identified by Google Play and users.
Researchers using Bitdefender antivirus have found that, for example, some applications wait for up to 4 hours before hiding their device, stopping for four hours, displaying ads at random intervals, or displaying their code at They share several files.
The apps have codes that do the job promised in Google Play’s description so they seem legitimate, but Bitdefender has found 6 of these apps that have been installed nearly 2,000 times.
One of these apps is a race simulator that has in-app payments to use additional features. Excessive advertising on this app drains the user’s battery, as many users stop playing with it.
In this app, after a four-hour break, ads are generated using a random number (less than three) and compared to a predetermined number. If the random number is equal to a predetermined number, the user Is shown.
As a result, when a user unlocks the infected phone, one-third are likely to see the ad. Advertising display mechanisms are also scattered across several activities and advertising software is used.
The randomness of the ad display and the display time intervals also reduces the ability to identify patterns. The app also uses other tricks to make ads unpredictable.
The researchers report:
Users see ads while playing games by pressing various buttons or even when not using the app. When using an app, the frequency of displaying the ad depends on a random number. In half of the cases when using certain game features, it is likely that the ad will appear to the user.
The app also splits its content into two files. The ad code is found in the first file and the game code in the second file.
Bitdefender researchers wrote in their Malicious report:
Android.intent.action.BOOT_COMPLETED (the message that ends when the system boot ends) is the first registry recipient. Upon receiving this notification, the app launches an activity that launches an ad display scheduler.
After 5 minutes, the scheduled service starts and shows the ad only once to the user. Then the programmer reproduces itself by calling the same method of activity he had originally produced, and restarts it in 5 minutes.
The second recipient that the app is waiting to receive is the android.intent.action.USER_PRESENT notification (message that will be unlocked). Whenever a user unlocks their phone, if the software has been installed for at least four hours, an ad may be displayed to the user.
The ad display is programmed to produce fewer than three times each, and this number is compared to another numeric value, if the generated number is the same as the number to be compared, an ad will be shown to the user. In other words, the chance of an ad showing up every third time the user unlocks the phone.
Bitdefender has generally found 3 apps that use the same way to display ads. These apps have been downloaded a total of 4,000 times and Google has been removing them for some time now.
The following Malicious applications are:
Car Racing 2019
4K Wallpaper (Background 4K Full HD)
Backgrounds 4K HD
QR Code Reader & Barcode Scanner Pro
File Manager Pro – Manager SD Card / Explorer
VMOWO City: Speed Racing 3D
Screen Stream Mirroring
QR Code – Scan & Read a Barcode
Period Tracker – Women’s Cycle Ovulation
QR & Barcode Scan Reader
4K Wallpapers, Backgrounds HD
Smart Data Transfer
Explorer File Manager
Today Weather Radar
Mobnet.io: Big Fish Frenzy
The following image shows more information about apps.
Apps are not technically categorized as malware because their hidden functions are limited to displaying ads. But as these apps are draining your phone’s battery and there is a potential for additional malicious behavior to be added during future updates, it is recommended that they be removed from your phone as soon as possible.