Several adware programmes marketed aggressively on Facebook as system cleansers and optimizers for Android devices have accumulated millions of downloads from the Google Play store.
The applications lack all of the advertised functionality and push adverts while attempting to stay on the device for as long as possible.
To avoid deletion, the applications regularly change their icons and names, posing as Settings or the Play Store itself.
Adware applications make use of the Android component Contact Provider, which allows them to transport data between the device and web services.
Because the subsystem is contacted whenever a new programme is installed, the adware might exploit it to start the ad-serving process. It may appear to the user that the advertising is being pushed by the legitimate app they installed.
McAfee researchers found the adware applications. They point out that customers do not need to activate them after installation to see the advertising because the adware runs automatically without user intervention.
The first thing these intrusive apps do is set up a permanent service for displaying adverts. If the process is "killed" (terminated), it instantly restarts.
This video demonstrates how the adware's name and icon change automatically and how ad-serving occurs without user intervention.
According to McAfee's analysis, consumers are persuaded to believe the adware applications because they see a Play Store link on Facebook, leaving little room for uncertainty.
As a result, exceptionally high download counts for the specific type of apps have emerged, as shown below:
- Junk Cleaner, cn.junk.clean.plp, 1M+ downloads
- EasyCleaner, com.easy.clean.ipz, 100K+ downloads
- Power Doctor, com.power.doctor.mnb, 500K+ downloads
- Super Clean, com.super.clean.zaz, 500K+ downloads
- Full Clean -Clean Cache, org.stemp.fll.clean, 1M+ downloads
- Fingertip Cleaner, com.fingertip.clean.cvb, 500K+ downloads
- Quick Cleaner, org.qck.cle.oyo, 1M+ downloads
- Keep Clean, org.clean.sys.lunch, 1M+ downloads
- Windy Clean, in.phone.clean.www, 500K+ downloads
- Carpet Clean, og.crp.cln.zda, 100K+ downloads
- Cool Clean, syn.clean.cool.zbc, 500K+ downloads
- Strong Clean, in.memory.sys.clean, 500K+ downloads
- Meteor Clean, org.ssl.wind.clean, 100K+ downloads
The majority of impacted users are from South Korea, Japan, and Brazil, however, the adware has regrettably spread globally. The adware applications have been removed from the Google Play Store. Users who installed them, on the other hand, must manually delete them from the device.
Despite their limited advantages, system cleansers and optimizers are popular software categories. Cybercriminals know that many people would attempt such methods to extend the life of their gadgets, thus they disguise dangerous software as such.