Security researchers have uncovered a new mobile adware program lurking in 22 fake flashlight and utility applications on the Google Play Store. According to Check Point researchers, these apps were collectively downloaded by users between 1.5 million and 7.5 million times.
The malware, dubbed "LightsOut", was hidden in 22 different apps to secretly generate ad revenue for its developers by constantly bombarding users with pop-up ads that forced a person to click them before they could continue using the device.
If a new Wi-Fi network was discovered or a user attempted to end a call, plug in their charger or even lock their phone screen, they were met with an annoying pop-up ad.
"The deception was far reaching in its disruption to the user," researchers wrote in a blog post published on Friday, 5 January. "Some users noted that they were forced to press on ads to answer calls and perform other activities on their device. Another user reported that the malicious ad activity continued even after he purchased the ad-free version of the app, taking the abuse to a whole new level."
Once launched, the app has the ability to hide its icon on the main screen, making it harder for a user to find and uninstall the app.
It also purported to offer users the ability to turn off adverts as well. However, users were still met with constant pop-up ads since LightsOut can "override the user's decision and continue to display ads out of context".
"Since the ads are not directly connected to LightsOut's activity, the user is unlikely to understand what caused them, and even if he does, he won't be able to find the app's icon and remove it from his device," researchers said.
Some of the malicious apps found distributing LightsOut included Flashlight Pro, Smart Flashlight, Cool Flashlight, Network Guard, Realtime Cleaner and Call Recorder Pro, among others.
Check Point researchers have notified Google about the malicious apps and have since been removed from the Google Play Store.
This is not the first time Google Play has been found harbouring apps riddled with malware. Trend Micro researchers recently found 36 malicious Android apps disguised as security tools that collected user data, tracked their location and bombarded them with ads.
"Despite the vast investment Google has recently made in the security of their App Store, LightsOut reminds us once again that users need to be wary of downloading from the App Store and are advised to have a 'Plan B' in the form of an advanced mobile threat defence solution that goes beyond anti-virus," researchers warned.
"Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights, putting them at risk of making their winter months even darker."