Freely subscribe to our NEWSLETTER

Dubbed ‘LightsOut’, the code hid itself in 22 different flashlight and utility apps, and reached a spread of between 1.5 million and 7.5 million downloads. Its purpose? To generate illegal ad revenue for its perpetrators at the expense of unsuspecting users.

The deception was far reaching in its disruption to the user. Some users noted that they were forced to press on ads to answer calls and perform other activities on their device. Indeed, another user reported that the malicious ad activity continued even after he purchased the ad-free version of the app, taking the abuse to a whole new level.

Check Point notified Google about all these apps, who soon removed them from the Google Play store.

How It Works

As shown in our video, the malicious app offers the user a checkbox, as well as a control panel, in which they can enable or disable additional services, including the displaying of ads. The events that will trigger ads are any Wi-Fi connection, the ending of a call, a plugged in charger or the screen being locked.

However, if the user chooses to disable these functions, ‘LightsOut’ can override the user’s decision and continue to display ads out of context. Since the ads are not directly connected to LightsOut’s activity, the user is unlikely to understand what caused them, and even if he does he won’t be able to find the app’s icon and remove it from his device.

Main Takeaways:

Despite the vast investment Google has recently made in the security of their App Store, ‘LightsOut’ reminds us once again that users need to be wary of downloading from App Stores and are advised to have a ‘Plan B’ in the form of an advanced mobile threat defense solution that goes beyond anti-virus. Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights.

Many users are still unaware of the dangers lurking for them, and continue to install apps such as fishy flashlights, putting them at risk of making their winter months even darker.