MAM
New Stealthy ad clicking tactics found in popular apps on Google Play
MUMBAI: Two apps with over 1.5 million downloads use new method to stealthily click ads on users’ devices. Apps present on Play Store for almost a year before being discovered.
Norton LifeLock recently spotted a new tactic being used by apps on the Google Play Store to stealthily perform ad-clicking on users’ devices. A developer known as Idea Master has published two popular apps on the Play Store in the past year, with a collective download count of approximately 1.5 million. Norton LifeLock, a Symantec brand has informed Google of the observed behavior and the apps have now been removed from the Play Store.
The two apps, a notepad app (Idea Note: OCR Text Scanner, GTD, Color Notes) and a fitness app (Beauty Fitness: daily workout, best HIIT coach), are packed using legitimate packers originally developed to protect the intellectual property of Android applications. Android packers can change the entire structure and flow of an Android Package Kit (APK) file, which complicates things for security researchers who want to decipher the APK’s behavior. This also explains the developer’s ability to remain on the Play Store performing malicious acts under the radar for nearly a year before being detected.
The attack starts with a notification in the notification drawer on the user’s device.
Upon clicking on the notification, Toast is used to display a hidden view containing advertisements (Toast messages are commonly used to display unobtrusive notifications that appear on the current activity UI screen, such as when the volume is adjusted).
Unlike hidden views where the view is set to transparent in order to hide content from the user, this threat actor deploys a much more cunning way of running the advertisements while keeping them hidden from the user. This is done by first creating a Canvas outside the device’s viewable display such that, technically, the advertisements are drawn on the device. By using the translate() and dispatchDraw() methods (see Figure 4) the position of the drawings are beyond the device’s viewable screen area and the user is unable to see the advertisements on their device. Using this tactic allows advertisements, and any other potentially malicious content, to be displayed freely. The app can then initiate an automated ad-clicking process that produces ad revenue.
As threat actors generate ghost clicks and ad revenue, impacted devices will suffer from drained batteries, slowed performance, and a potential increase in mobile data usage due to frequent visits to advertisement websites.
These apps went unnoticed on the Google Play Store for nearly a year, affecting roughly 1.5 million users before we uncovered their sneaky behavior. The apps’ use of Android packers and the unusual method of hiding advertisements adds a level of complexity for security researchers.
A special thank you to Tommy Dong for his dedicated contribution in analyzing this sample.
Brands
Jubilant FoodWorks faces Rs 47.5 crore GST demand, plans appeal
Tax authorities flag alleged misclassification of restaurant services
MUMBAI:Â Jubilant FoodWorks Limited has landed in a tax tussle after receiving a GST demand of Rs 47.5 crore from the office of the additional commissioner of CGST and central excise in Thane, Maharashtra.
The order, issued under the provisions of the Central Goods and Services Tax Act, 2017, relates to an alleged incorrect classification of certain services under the category of restaurant services. According to the tax authorities, this classification resulted in a short payment of goods and services tax for the period between the financial years 2019-20 and 2021-22.
The demand includes Rs 47.5 crore in GST along with an equal amount as penalty, in addition to applicable interest. The order was received by the company on March 13, 2026.
In a regulatory filing to the BSE Limited and the National Stock Exchange of India Limited, the company said it disagrees with the order and believes its arguments were not adequately considered.
The company is preparing to challenge the decision and plans to file an appeal. It added that once the redressal process is complete, the demand is likely to be dropped.
Despite the sizeable figure attached to the notice, the company said it does not expect any material impact on its financials, operations or other activities.
The disclosure was signed by Suman Hegde, EVP and chief financial officer, who confirmed that the company received the order at 19:06 IST on March 13 and has already initiated steps to contest it.
The development places the quick service restaurant major in the middle of a tax debate that could hinge on how certain restaurant-linked services are classified under GST rules. For now, the company appears ready to take the matter from the tax office to the appeals desk.
