Notably, apps display ads hidden as warning messages to users when they unlocked their Android smartphones. The matter was first noticed and reported by a user on Avast Forum who also uploaded a video showing how the malicious apps worked on an Android smartphone.
The user wrote, "I've found a dozen of apps in Google Play with same malicious ad SDK integrated. Each time you unlock your device the app will open ad url in background or show interstitial ad over the screen."
"By some reason Avast Mobile Security doesn't treat these apps as suspicious or dangerous, although it is rather easy to detect apps with this ad SDK, they have same components declared in manifest," he added.
The antivirus software maker in its blog post was also quick to point out that Avast Mobile Premium detects such apps that display such ads. TechCrunch points out that Avast is analysing more apps, apart from the three named above, for similar malicious behaviour in the hopes to find other popular apps with similar adware.
Chytry adds that when he first saw the user report, he didn't think much it, but then discovered that the apps reported were "a bit bigger" than he initially thought. "First of all, the apps are on Google Play, meaning that they have a huge target audience - in English speaking and other language regions as well. Second, the apps were already downloaded by millions of users and third, I was surprised that the adware lead to some legitimate companies," he noted.
According to Avast, the malicious apps remain composed until the device has been restarted. After a week once the device has been restarted once, users start receiving pop up warning messages about "your device is infected, out of date or full of porn."
Chytry adds, "Some of the apps wait up to 30 days until they show their true colours. After 30 days, I guess not many people would know which app is causing abnormal behaviour on their phone." The popup warning messages that come up each time a user unlocks the device are just hoax messages and are meant to redirect the user to "harmful threats on fake pages."
"If you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value," the post adds.
Another concern raised by Avast's Filip Chytry is that in some cases users are directed to other security and antivirus apps available on Google Play, which might mean that developers or companies are promoting their apps via adware.
Unfortunately, even after installing the security apps from Google Play, the malicious messages keep popping up.
"Even if you install the security apps, the undesirable ads popping up on your phone don't stop. This kind of threat can be considered good social engineering," adds Avast.
This is not the first time Android apps have been discovered with malicious behaviour. In the past, reports have pointed out that 99 out of every 100 mobile devices fall prey to mobile malware are Android devices. Last year, a top paid app on Google Play store was uncovered as fake.
Users are recommended to use caution when downloading apps, even from the Google Play store, by reading reviews thoroughly and trying to choose trusted developers.