Malware Hidden as Advertising SDK Removed from Google Play

Google forces 75 apps to remove malware from their code.

The malware is called AdDown, and if the name doesn’t give it away, it’s adware, hidden as an advertising SDK and it’s not new. AdDown has gone through three separate stages of evolution since it first arrived in January of 2015. Each of these iterations carried it’s own name.

Joymobile was first, and was most frightening with it’s ability to install APK’s on it’s own. Later came Nativemob, which removed this ability, likely to better camouflage it’s real malicious intent. Finally came Xavier which streamlined it’s abilities and turned it into little more than adware.

Trend Micro found that the malware was being distributed to app developers as an advertising campaign. There is no doubt that most if not all of the developers were unaware of the malicious nature of the code they included within their apps. In any event, Google has now forced the developers of 75 incfected apps to remove the AdDown code.




Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.