• For the umpteenth time so far in 2020, a new batch of sketchy Android apps has been identified, with the apps seemingly having no legitimate purpose beyond bombarding users with ads.
  • This new batch of 29 Android apps was downloaded at least 3.5 million times.
  • Most of the apps in question included the word “blur” in the title, used seemingly bogus developer names, and were hit with scores of negative reviews.

White Ops Satori Threat Intelligence researchers got a little cheeky in a blog post that walks through new research identifying a slew of sketchy Android apps found to contain malware, barely asserted much of a legitimate purpose — and yet somehow managed to amass at least 3.5 million downloads.

“We’ve got a quick mobile app safety tip or two for you: If the app you’ve just downloaded is playing hide and seek with you, the icon disappearing from your home screen, it might be bogus,” the team notes, a touch humorously, in what’s become a bit of an on-again, off-again story that never really ends. We’re referring, of course, to the constant whack-a-mole style hunt for dodgy, malicious apps that keep sneaking into the Google Play Store, and fooling millions of users into downloading them, a saga we’ve chronicled often here. The White Ops Satori Threat Intelligence team, meanwhile, continues: “If the only way you can open the app is by going into your Settings menu and finding it in a long list of apps, it might be bogus. And if after you download this app, you open your phone and you begin getting bombarded by ads just appearing out of nowhere, it might be bogus.”

The results of this investigation by the researchers turned up more than two dozen mobile apps with “suspiciously” high ad traffic volume — 29 Android apps in all, with so-called code facilitating out-of-context (or, OOC) ads which also made an attempt to keep themselves from being spotted by security measures. White Ops’ “CHARTREUSEBLUR” investigation into the apps was given that moniker because most of the apps included the word “blue” in their package name. And, while they generally didn’t function as advertised, most of them tried to pretend they were legitimate photo editors which let users “blur” sections of a given image.

You can find the full list of apps and package names here. The researchers’ report spotlights one of the apps in particular, called Square Photo Blur, and points to some giveaway signs that it’s malicious. First of all, the developer’s name is listed as “Thomas Mary.” “Almost certainly bogus,” the report helpfully points out. “All of the apps in this investigation feature developers whose ‘names’ are common English language names smashed together, seemingly at random.”

Another red flag here was the fact that customer feedback in the app’s reviews section was almost universally negative against the developer. The reviews also suggested the app didn’t really do much of anything and bombarded users with ads.

At least this wasn’t as bad as another report of malicious Android apps that were found and booted from the Google Play Store, which we reported about earlier this month. Evina, a French cybersecurity firm, disclosed this news about a single threat group that developed a batch of apps that were made to look like everything from wallpaper and flashlight apps to mobile games. However, the apps’ true purpose was to try and steal users’ Facebook login data.

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.