Parents have been warned to check their children’s internet use after a cyber security company found seven scam applications promoted to kids on social media.
The malicious apps, known as “HiddenAds trojans”, pose as games, wallpaper apps and music downloaders.
But once installed they aggressively display ads or charge users between $2 and $13.
They can also hide the original app icon, making it difficult for users to identify where the ads are being served from.
The apps were discovered after a child in the Czech Republic reported to Avast security a TikTok profile promoting what appeared to be a suspicious app.
“It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognise some of the red flags surrounding the apps and therefore may fall for them,” said Avast threat analyst Jakub Vávra.
Upon investigation, Avast found seven adware scam apps on the Google Play Store and Apple App store.
Several of the apps are being promoted on TikTok using at least three profiles dedicated to pushing the apps.
One of the fake profiles has more than 300,000 followers.
Avast researchers also discovered an Instagram profile promoting one of the apps, with more than 5000 followers.
The iOS and Android apps appear to be developed by the same person or group, Avast said.
The links promoted on the social media profiles lead to the iOS or Android versions of the apps, depending on the device the link is being accessed from.
“Altogether, the apps have been downloaded more than 2.4 million times and have earned the people or persons behind the scam more than $US500,000 (AUD700,000),” Vávra said.
Anyone downloading an app promoted on social media should read the reviews first.
Reviews that are negative or too positive should be a red flag.
“Signs that an app could be a scam include low app ratings, and negative reviews, citing excessive ads or low functionality of the alleged app features,” Vávra said.
“In addition to the seven apps, we also noticed the app developers have more apps, with very low downloads and reviews, but the handful of reviews they have are extremely positive and enthusiastic, which can also be a sign that something is suspicious.”
Users should also question whether the amount they are paying for an app is excessive.
“Many of these apps offer basic or unrealistic features, like simple games that claim to shock players, or wallpapers for around $8, a high amount considering games and features like this are often offered for free by other developers,” Vávra said.
Many of the scam apps will ask for permissions that are not required for simple apps such as wallpapers.
For example, the Android app ‘ThemeZone – Shawky App’ requests access to a device’s external storage, which can include photos, videos and files.
“Accessing external storage is not a must for a wallpaper app,” Vávra said.
Avast said parents should speak to their children about what to look for when downloading an app – or make it a rule to ask permission before downloading.