“This is one of those scenarios where the user looks for protection but only finds problems,” Bestuzhev wrote.
Google has become more vigilant in keeping malicious applications out of the Play store, but security experts frequently find rogue ones that have slipped in. Security vendor Symantec said in July it had found more than 1,200 suspicious applications in the Play store since the start of the year.
The malicious application appears to have been registered with RevMob, a mobile advertising network based in Brazil. RevMob pays application developers a per-install fee based on the number of users who have downloaded other applications that are displayed in the advertisements, according to its website.
RevMob is a spinoff of a gaming company founded in 2009 called “Best, Cool & Fun Games,” which developed mobile games titled “Ant Smasher” and “Bunny Shooter,” the website says.
Advertising networks often have automated sign-up processes, so it may be possible for a rogue developer to try and monetize an application with advertisements before it is detected.
The AdBlock Plus impersonator, which Kaspersky calls “HEUR:AdWare.AndroidOS.Starsys.b,” has other potential risks. Bestuzhev wrote it gains a variety of permissions, including access to SMS messages and a person’s contacts as well as ability to open up the device to incoming Bluetooth connections.