Avast explained that the programs pose as entertainment apps, which either aggressively display ads or charge from $2 to $10 to purchase the software.
Some of the programs, it added, are HiddenAds trojans, which disguise themselves as safe apps, but serve ads outside the app. "The apps we discovered are scams and violate both Google's and Apple's app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed," stated Jakub Vávra, a threat analyst at Avast.
"It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them," he added.
Difficult to Detect
HiddenAds trojans can be particularly pernicious because they will continue to serve ads even after the app that installed them is removed. "The behavior of installing the adware separately through the original application is why it's classified as a Trojan rather than simply adware," explained Jonathan Tanner, a senior security researcher with Barracuda Networks. "The original app tricks the user into infecting their device with the actual adware rather than simply acting as the adware," he told TechNewsWorld.
Since the app is side-loading its adware and not serving the ads itself, the bad app should be easier to detect, but it does lower its profile by limiting itself to only functions used by legitimate programs and nothing more. "This would normally be a good means of detecting malware," Tanner said. "Malware often requires more control over the phone than available to developers, often requiring rooting the phone which can be detected more easily."
Adware, in general, can be difficult to detect because advertising is common within apps. "Adware takes these ads too far, by either being too invasive to the point of draining computing resources and bandwidth or utilizing less reputable ad networks that may distribute malware," Tanner explained. "Detecting invasive ads versus a simple banner would require profiling the behavior of the app or reverse engineering its code, both of which can be difficult and time consuming to do at scale," he said.
"Detecting malicious ad networks requires tracking which ad networks are legitimate and which are not, which again is not a trivial task," he continued. "As with the apps themselves, ad networks can suddenly shift from safe to malicious if the wrong advertiser signs up and has too much freedom as to what content is allowed."
Cowed by Influencers
It can be difficult for an app store to flag programs that charge money but offer little or trivial functionality if they live up to their claims, no matter how paltry they may be. "For example, the surge of flashlight apps during the early days of the App Store's existence were largely legitimate, if questionable value for the money," said Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company, in Scottsdale, Ariz. "The Apple and Google stores have since attempted to crack down on apps that only perform trivial functions," he told TechNewsWorld, "however the definition of what constitutes a trivial function can be murky for reviewers to determine."
Inexperienced users can also make the job of shady apps easier. "Mobile devices are a 'black box' for most users, and they have little visibility into what's happening deeper in the device," said Saryu Nayyar, CEO of Gurucul, a threat intelligence company, in El Segundo, Calif.
"There are a number of techniques mobile application developers can use to hide from a casual user," she told TechNewsWorld.
Users on networks like TikTok can also be too easily cowed by social media personalities. "Many social media influencers will take money to promote products or apps without doing any research into their legitimacy," Clements maintained.
"The influencer ecosystem is ultra-competitive and promotions from even those with large audiences can be bought for next to nothing," he added.
Leveraging Social Situations
Using TikTok profiles for promoting scam apps is only the latest vector of abusing popular channels to capture profit from unsuspecting supporters, noted Ben Pick, a senior application security consultant at nVisium, a Falls Church, Va.-based application security provider.
"The best method to not be susceptible is to verify the app being downloaded and not click a link directly from a user's profile," he told TechNewsWorld.
"Check for excessive permissions and numerous bad reviews to prevent downloading similar scam or outright malicious apps," he added.
Another factor influencing the downloading of these malicious adware apps may have been the imminent ban of TikTok by the Trump administration, which fizzled when the social app was able to cut a deal with Oracle and Walmart that satisfied Washington. "We frequently see threat actors leverage social situations to their advantage," observed Hank Schless, a senior manager for security solutions at Lookout, a San Francisco-based provider of mobile phishing solutions.
Pay Attention to Reviews
One of the simplest ways to avoid becoming a victim of adware scams is to read the reviews about an app. "When loading apps, it's essential to read reviews and check the ratings," James McQuiggan, a security awareness advocate at KnowBe4, told TechNewsWorld.
Pay particular attention to negative reviews, added Cerberus Sentinel's Clements. "Scammers often use bots or pay for fake positive reviews," he explained. McQuiggan also advised that when there are prompts to install an app from an advertisement in a profile or on a website, it's vital to do some due diligence about the app to make sure it's not malicious. Chloé Messdaghi, vice president of strategy at Point3 Security, a provider of training and analytic tools to the security industry, in Baltimore, Md., agreed. She told TechNewsWorld, "It's always better to do some research before allowing an app into the most personal digital space in your life -- your phone."
It not only auto-installs apps, but also renders the phone unusable when the user attempts to uninstall the preinstalled malicious software. Thanks to the open source nature of Android, manufacturers can create custom versions of the OS on their devices with their own unique sets of preinstalled apps.