
Fake photo editor apps hiding adware found on Google Play with a total of 3.5M downloads
A group of 29 fake apps was found on Google Play. When downloaded, the apps can open web browsers on their own. They also pop up random advertisements triggered by a number of user interactions on a compromised phone including anytime the phone is unlocked or plugged into a charger. All of the apps appear to masquerade as photo editors.
The apps have already been downloaded 3.5 million times from the Google Play Store. They are barely functional except for showing ads.
“Instead of any usable app functionality, though, the user is simply bombarded with out-of-context interstitial ads,” says a report from the White Ops Satori Threat Intelligence and Research Team.
OOC advertisements pop up on the home screen each time an infected device is unlocked, plugged into a charger, or switches wireless networks.
What are OOC Advertisements?
OOC advertisements, or out-of-context ads, are advertisements that are shown to the viewer using no particular type of targeting. This means an advertisement is shown to the user with no basis for knowing whether they would actually have an interest in or need for the featured product.
The opposite of OOC ads are contextual advertisements. The ad is shown to the viewer using ad targeting based on previous viewer behavior on websites, social media, demographics information, and even in-store purchases. Information for targeting contextual advertising is often taken from cookie tracking, contact lists, and credit card partners. A targeted advertisement is more likely to be of interest to the viewer because they indicated an interest through past purchase history or online activity.
Annoying advertisements are not the only sign that a phone is infected with adware, malware, or another malicious app. Additional signs of a compromised device include random noises during calls, a phone that's running hot, short battery life, high data usage, apps that won't close, apps that don't function as expected, and outbox messages that you did not send.
The fake app with the lowest number of downloads (5,000+) was Blur Photo Editor. A few of the other fake apps, like Square Photo Blur, had over 500,000 downloads each.
Names of Fake Android Apps
Most of the apps have the word “blur” in the name.
- Auto Picture Cut
- Color Call Flash
- Square Photo Blur
- Magic Call Flash
- Easy Blur
- Image Blur
- Auto Photo Blur
- Photo Blur
- Photo Blur Master
- Super Call Screen
- Square Blur Master
- Square Blur
- Square Blur Photo
- Smart Blur Photo
- Smart Photo Blur
- Smart Call Flash
- Super Call Flash
- Blur Photo Editor
- Blur Image
These fake apps can run unchecked on a compromised device and randomly open web browsers on their own and show advertisements at will.

Signs of Fake Apps
All of the apps have been removed from the Google Play Store, but it is possible that you may still have one of them installed on your phone.
- The app icon disappears from your home screen, making the app difficult to uninstall
- The only way you can open the app is by going into your Settings menu
- Your phone is suddenly showing advertisements
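
A static triage check based on the triggers and signs described above, added here as an example and not taken from the article or the White Ops report: it reads a decoded AndroidManifest.xml and reports which ad triggers the app listens for and whether it declares a home-screen icon. The mapping of the article's triggers to standard Android broadcast actions is an assumption, and the function name and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: standard Android broadcast actions for the article's triggers.
TRIGGERS = {
    "android.intent.action.USER_PRESENT": "phone unlocked",
    "android.intent.action.ACTION_POWER_CONNECTED": "plugged into charger",
    "android.net.conn.CONNECTIVITY_CHANGE": "network switched",
    "android.net.wifi.STATE_CHANGE": "network switched",
}
# Constructed sample manifest (hypothetical package, not one of the 29 apps).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.blurdemo">
  <application>
    <activity android:name=".Main" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdTrigger">
      <intent-filter>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def _names(parent, tag):
    """android:name values of every <tag> element below parent."""
    return {el.get(ANDROID + "name") for el in parent.iter(tag)}

def audit_manifest(xml_text):
    """Report ad-trigger receivers and whether a home-screen icon is declared."""
    root = ET.fromstring(xml_text)
    triggers, has_launcher = set(), False
    for receiver in root.iter("receiver"):
        triggers |= {TRIGGERS[a] for a in _names(receiver, "action") if a in TRIGGERS}
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        if comp.get(ANDROID + "enabled") == "false":
            continue  # a disabled launcher entry gives no home-screen icon
        for flt in comp.findall("intent-filter"):
            if ("android.intent.action.MAIN" in _names(flt, "action") and
                    "android.intent.category.LAUNCHER" in _names(flt, "category")):
                has_launcher = True
    return {"package": root.get("package"), "triggers": sorted(triggers),
            "has_launcher_icon": has_launcher,
            "suspicious": bool(triggers) and not has_launcher}
```

The result is a triage hint only: receivers can also be registered at runtime and a launcher entry can be disabled after install, so a clean manifest does not clear an app.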