Flashlight and Utility Apps Infected with LightsOut Adware

Check Point researchers have detected a new type of adware, dubbed LightsOut, embedded in at least 22 flashlight and utility apps available in the Google Play store, reaching an estimated 1.5 to 7.5 million downloads. LightsOut is used to fraudulently generate ad revenue by displaying pop-up ads on the end user’s device, sometimes forcing the user to click the ad before it will allow them to perform other actions. Device events that will trigger the display of ads include connecting to WiFi, ending a call, plugging in a charger, or locking the screen. The malicious script overrides the user’s ability to prevent ads from being displayed outside of a legitimate context. In many of the apps, it also hides its icon in attempts to prevent its removal. Google was notified and has since removed the malicious apps. The NJCCIC recommends Android device users review Check Point’s research, use antivirus or advanced mobile threat defense solution on their device, read app reviews and ensure the permissions requested match the app’s advertised functionality prior to downloading, and be sure to keep device hardware and software updated.