Beware of overly advertised apps in mobile app stores
AhnLab’s engine development team found a number of apps on the Google Play Store and Apple App Store that disguised themselves as dealing with topics close to our daily lives, such as government policies and learning apps, and displayed excessive ads.
figure 1. Hyped apps circulating on Google Play Store
figure 2. Hyped apps circulating in the Apple App Store
Such apps were previously highlighted in 2024 when they disguised themselves as K-PASS, and we found more of the same type of apps in 2025. after analyzing the apps involved at the time, it was found that there were multiple cases of disguised apps related to various government policies, and some of the apps were not removed from the store due to lack of clear malicious behavior.
* ‘K-Pass’ app downloaded by 10,000 people was actually a phishing app impersonating the government (2024.05.01) : https://www.kmib.co.kr/article/view.asp?arcid=1714467919
* Beware of Policy Guide Apps that Display Excessive Ads (2025.02.18) : https://atip.ahnlab.com/intelligence/view?id=921ab85d-2d99-4876-9a97-423d6e37c391
The apps are not official apps distributed by actual government agencies, and the developers are registered in each store, stating that they were created for “informational purposes only.”
figure 3. Google Play Store app introduction information
figure 4. Apple App Store app description
However, in the real world, users are repeatedly bombarded with ads to the point of annoyance. in particular, some apps are designed to display full-screen ads every time you switch screens and only close after a certain amount of time has passed.
figure 5. Android app execution screen
figure 6. iOS app execution screen
Due to the excessive advertising, the store user reviews are also dominated by negative comments. on the other hand, positive reviews are repeated in other similar apps with the same or very similar wording, suggesting that they may be artificially generated using compromised accounts.
figure 7. Google Play Store app user reviews
figure 8. Apple App Store app user reviews
These apps are continuously being developed or newly created and updated from the past. although no malicious behavior such as information theft has been identified, the apps are designed to encourage users to click on ads over and over again, which can lead to high ad revenue. this is likely why the developer’s strategy is to continuously produce and distribute a large number of mass-produced apps.
figure 9. App version history
Despite the different types of apps, they are very similar in how they are organized and behave, so it is likely that they were created by the same developer.
figure 10. iOS app behavior screen
The developer information listed in the store is also unclear. most of the links to developer sites are to Google Blogs (Blogspot), which are similar in format and information. in addition, the developer information in the store is often different from the blog information, or the name is unclear, suggesting that the site was created by a hijacked account.
figure 11. Developer site listed on the Apple App Store
figure 12. Developer site listed on the Google Play Store
To date, no obvious malicious behavior has been detected in these apps, but given their unclear and structural design, which makes it easy for developers to inject malicious functionality, it is possible that they could add functionality to download and load malicious payloads and redistribute them in the future.
When installing apps from the official store, users should be careful to check the app’s disclosure information, user reviews, and developer information to avoid becoming a victim.
