Security News

Tip From Child Uncovers Adware Scam Apps Totalling 2.4 Million Downloads

A tip from a child has led to the discovery of seven adware scam apps available on the Apple App Store and Google Play Store.

The apps have been downloaded more than 2.4 million times and raked in at least half a million dollars for those behind the scam, which was uncovered when the child, a 12yo girl, became suspicious of an app promoted on a TikTok profile. She reported it to Avast’s "Be Safe Online" project, which educates children in the Czech Republic on how to stay safe online, which then discovered further scam apps.

"The apps are specifically targeted to young people ... (and) come in the form of either charging $2 to $10 for a service that doesn’t meet that price point, including causing the phone to vibrate, a wallpaper, or access to music," wrote Avast in a blog. "The apps ... violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed."

At least three TikTok profiles, one of which has in excess of 300,000 followers, were found pushing the apps, while an Instagram account promoting one of the apps had more than 5,000 followers.

"It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them," said Avast.

Avast has reported the apps to Apple and Google and the accounts to TikTok and Instagram.

+ + +

Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts