A child discovers new iOS and Android viruses. Don’t trust these apps with 2 million downloads

Avast security firm specialists have detected at least seven malicious and adware apps available for download through the Play Store and App Store. Experts reportedly found these apps because a child reported various Instagram and TikTok profiles promoting a suspicious app; this report was submitted to Be Safe Online, a cybersecurity awareness project implemented by Avast.

La imagen tiene un atributo ALT vacío; su nombre de archivo es playstoreappstore.jpg

These apps have been downloaded by nearly 2.5 million users in total, generating profits close to $500,000 USD for their developers, an expert who works for security firm SenseTower mentions. It’s striking that these apps have been downloaded so many times even when they record ratings of between 1.5 and 3.0 in the app store ranking. Below is the list of detected apps, in addition to their corresponding operating system:

  • ThemeZone – Shawky App Free – Shock My Friends (Android)
  • Tap Roulette ++Shock my Friend (Android)
  • Ulimate Music Downloader – Free Download Music (Android)
  • Shock My Friends – Satuna (iOS)
  • 666 Time (iOS)
  • ThemeZone – Live Wallpapers (iOS)

When installing any of these applications, users will encounter multiple drawbacks and malicious behavior of the application, for example:

  • Apps request access to the device’s external storage
  • Multiple buttons appear announcing an alleged minigame; if the user clicks on the free trial offer, they will be redirected to a paid site requesting a weekly subscription fee of between $8 and $10 USD
  • If despite this the user decides to pay, it is revealed that the app contains basic wallpapers and there is nothing about the supposed game
  • The app displays multiple invasive ads about other services even if users have already given money
  • Although presented as innovative entertainment options, these apps barely function as a wallpaper download center, makes the device vibrate, among other functions without more utility

As mentioned at the beginning, multiple popular social media profiles advertise these apps, including a TikTok account with over 300,000 followers and an Instagram profile with about 5,000, so there are few users exposed to these fraudulent apps.

This set of apps appear to have been developed by the same company, as they have similar names and functions, as well as employing practically the same method of adware and arbitrary charges to generate profits. This information has already been submitted to Google, Apple, TikTok and Instagram to take appropriate action.