A new type of overwhelmingly annoying adware is roaming Google Play, hiding itself in 22 different flashlight and utility apps.
Appropriately dubbed “LightsOut” by Check Point researchers, the suspicious script’s purpose is to generate illegal ad revenue for its perpetrators at the expense of unsuspecting downloaders. The nuisance factor is extreme: Some victims have been forced to press on ads to answer or end calls, or must watch ads to perform other activities on their devices, like making a Wi-Fi connection, charging the phone or unlocking the screen.
Further, it’s hard to get rid of it. If the user tries to disable ads within these functions via the control panel, LightsOut simply overrides that decision and then hides its icon.
“Since the ads are not directly connected to LightsOut’s activity, users are unlikely to understand what caused them, and, even if they do, they won’t be able to find the app’s icon and remove it from their device,” Check Point researchers explained, in an analysis.
Also, some victims reported that the malicious ad activity continued even after purchasing the ad-free version of the app, taking the abuse to a whole new level.
Before Google removed the offending apps, LightsOut saw between 1.5 million and 7.5 million downloads.
“Despite the vast investment Google has recently made in the security of their App Store, LightsOut reminds us once again that users need to be wary of downloading from app stores, and are advised to have a Plan B in the form of an advanced mobile threat defense solution that goes beyond antivirus,” Check Point said. “Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights.”