LightsOut is an Android adware discovered by researchers at Check Point, found embedded in at least 22 flashlight and utility apps available in the Google Play store, reaching an estimated 1.5 to 7.5 million downloads. LightsOut is used to generate illegal ad revenue for the threat actors by displaying pop-up ads on the end users’ device, sometimes forcing the user to click the ad before it will allow them to perform actions on their device. Additionally, the malicious script overrides the user’s ability to disable ads showing outside of a legitimate context. In many of the apps, it also hides its icon in attempts to prevent its removal. Google was notified and has since removed the malicious apps.
- Check Point provides technical analysis of LightsOut here.