A PDF reader in the Google Play Store has more than a million downloads. However, it is adware that displays full-screen advertisements even when it is not in use.
Security researchers at Malwarebytes have discovered aggressive adware in the Google Play Store that poses as a PDF reader. It displays full-screen advertising even when users are not using the app at all.
The app appears to be purely a vehicle for spam. The Malwarebytes researcher reports that after installing it from the app store, it takes a few hours for the first ads to appear. The delay is meant to make it harder to trace the ads back to the app responsible. After a few hours, however, the smartphone even plays a notification tone. After the display was unlocked, a full-screen advertisement covered the screen, sometimes even a promotional video.
Good ad SDKs, bad ad SDKs
The logs showed that the adware developers’ own ad SDK loaded and displayed these ads. Ad SDKs are pre-built ad libraries that app developers can integrate into their apps. They usually display ads only within the app being used, within acceptable limits, and generate revenue for the app developers, which is often what makes the free app versions possible.
Because they use their own ad SDK, however, the PDF viewer's programmers are not bound by the usual restrictions and can display aggressive advertising. That makes the app adware, the well-known malware category.
Warning sign in app properties
Some properties of the app already stand out negatively in the app store. The Malwarebytes researchers find the developer's name, Fairy games, suspicious, for example: why would such a company develop anything other than games? In addition, the app was marked with the age rating “Mature 17+”. A PDF reader shouldn’t really have an age limit. In the meantime, the adware developers have changed this as well.
It is also striking that, with more than a million downloads, around 1500 reviews were submitted, of which only five contain any text. According to those, the app does not even display PDF files, but offers to save them. Other users complain about the spam nature of the app.
The app can currently still be found in the Google Play Store and can still be installed. Android users should check whether they have “PDF Reader: View Documents” by Fairy games on their phone. The package name is com.document.pdf.viewer. The malicious app can be quickly uninstalled via the app information or the app list in the smartphone settings. There are a few more details in the Malwarebytes report.
From time to time, apps with malicious intentions appear in the app store. About a month ago, Google removed eight apps with more than three million downloads from the store; they had ripped off users by subscribing them to premium services. A week ago, Bitdefender detected 35 malware apps with more than two million installations, which Google subsequently banned from the Play Store.