Avast has made some discoveries through its platform apklab.io after scanning the Google Play Store. The findings were 50 adware apps that have been installed from 5K to 5m times. The problem comes from the adware TsSdk that was found by Avast in the first version of the malicious app. The app is displaying full-screen ads everywhere, and it’s trying to convince the user to install all kind of adds.
What’s the Story with TsSdk?
TsSdk is linked with other third-party Android libraries that can bypass the service restrictions of the Android software. Avoiding the service restrictions, the adware can display more and more ads to users. And that’s against the Play Store’s Rules. Also, TsSdk has two versions on the Play Store and are linked together by the same code, and Avast discovered this.
Furthermore, those old versions have made their way to the game, fitness, and photo editing apps, and have been installed 3.6 m times. The countries that have been received this adware are India, Indonesia, Pakistan, Bangladesh, Nepal, and the Philippines. The problem is when this app creates shortcuts on a user’s home screen, or it’s capable of downloading other apps for a future install.
On the other hand, the newer version of the TsSdk has been found on the music and fitness app and has been installed for about 28 m. Besides the countries mentioned above, this time the UK and Brazil were added. This version comes with full strength, because analysts have some problems with it, it’s harder to unpack. The code is encrypted using the Tencent packer.
Finally, we recommend that caution to be taken. Even Avast recommends checking app permissions and of course, installing an antivirus app. Also, take note of Facebook ads. One click on the Facebook ads will trigger the install of the app.
Agnes is a technical writer, being in touch with reports to come up with the latest tech leaks.
