Mobile Menace Monday: A race to hidden ads
Credit to Author: Nathan Collier | Date: Mon, 04 Jun 2018 15:00:00 +0000
Who doesn’t love a good motorcycle racing game, right? How about one easily available on Google Play, a “safe” place for all your Android app desires? How about a bike racing game that sticks with you so much, you can’t easily uninstall it? And it displays hidden ads?
Wait, what!? That’s right! In the slideshow below, a game titled Motorcycle Race—Bike Race (package name: com.bikeme.racersm) has rave reviews by users who demand to know how to uninstall the game.
Rev your engines for heightened privileges
So how does one get into such a predicament? That all starts with the install process. Upon installing Motorcycle Race—Bike Race, the first screen asks to Activate device administrator.
Okay, so obviously a bike racing game requesting device administrator rights with permission to Lock the screen is a big red flag. However, if you didn’t catch that, there’s another clue that something is amiss. Look at the app name asking for permission: Media Player. That’s going to make finding the app in the device’s app list rather difficult (hint, hint).
After the initial weirdness of asking for heightened privileges, the app does open and run as advertised.
Don’t expect the game to perform well, though. It runs so slowly and is so choppy that it makes for an unpleasant experience. This is because it’s doing something much more malicious in the background.
Over the handlebars into full screen ads
After the first time the device’s screen is locked/unlocked, it becomes clear why the Lock the screen permission is requested. Behold: annoying lock screen ads that take up the whole screen!
Time to chuck this bike: how to uninstall
At this point, any user would be ready to ditch this two-wheeled game. However, if the game was given device administrator rights, this isn’t as straightforward as simply dragging the icon to uninstall. The easiest method would be to let Malwarebytes for Android, which detects this as Android/Trojan.HiddenAds.BiRa, remove the app.
However, you can also uninstall the app manually. Let’s start with dragging the icon to uninstall. That’ll bring up this warning pop-up:
Make sure to note the “Bike Racer is part of the following app: Media Player” text, as you’ll need this information later. Click OK to land here.
Next, select Manage device administrators.
Click the check mark to uncheck Media Player (which is the true name of the bike racing app). Depending on the Android OS version, this could also be an on/off toggle switch.
Here’s an extra reminder, as this is the tricky part: Anytime you need to uninstall an app manually, you’re looking for the app name listed after the colon in the first warning pop-up: part of the following app: <app name>. It’s easy to assume that it’s listed under the app icon name (in this case Bike Racer). This method is a clever way to obfuscate removal.
Back to uninstalling the app. After you select the check mark, you’ll get to this screen. Click “Deactivate” at the bottom of the screen.
After device administrator rights are revoked, once again drag the icon to uninstall. This time, you’ll be able to successfully remove the app.
You have the right to not give rights
Even when installing apps from reputable sources like Google Play, be careful when you grant device administrator rights. Although there are times when it’s appropriate to grant such rights to an app, make sure the rights line up with the functionality of the app. Giving device administrator rights to a respectable security app in order to remediate ransomware makes sense. A bike racing game needn’t be given the same rights. Why would it need to lock your screen?
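The two warning signs described above, a device administrator request and an icon name that differs from the app name, can both be read from an app's decoded AndroidManifest.xml during triage. The Python below is an added example, not code from Malwarebytes or from the app: the manifest is constructed, the component names are hypothetical, and the label layout (app label Media Player, launcher label Bike Racer) is an assumption inferred from the dialogs described in this post.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed manifest (not from the real APK); component names are hypothetical
# and literal labels stand in for the @string/... references of a decoded manifest.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.bikeme.racersm">
  <application android:label="Media Player">
    <activity android:name=".MainActivity" android:label="Bike Racer">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage(manifest_xml):
    """Report device-admin receivers and launcher/app label mismatches."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    app_label = app.get(ANDROID + "label")
    # A receiver guarded by BIND_DEVICE_ADMIN is a device administrator component.
    admins = [r.get(ANDROID + "name") for r in app.findall("receiver")
              if r.get(ANDROID + "permission") == BIND_ADMIN]
    # Launcher activities supply the icon name shown on the home screen.
    launcher_labels = []
    for act in app.findall("activity"):
        cats = {c.get(ANDROID + "name") for c in act.iter("category")}
        if "android.intent.category.LAUNCHER" in cats:
            launcher_labels.append(act.get(ANDROID + "label") or app_label)
    mismatch = any(label != app_label for label in launcher_labels)
    return {"package": root.get("package"), "app_label": app_label,
            "launcher_labels": launcher_labels, "device_admin_receivers": admins,
            "suspicious": bool(admins) and mismatch}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A real decoded manifest usually stores labels as string resource references, so those would need resolving against the app's strings.xml before comparing.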
With a little scrutiny and a lot of paying attention to the fine print, you can protect yourself from malicious apps that slip by Google Play’s security parameters. Stay safe out there!
The post Mobile Menace Monday: A race to hidden ads appeared first on Malwarebytes Labs.