Home Security Sophos finds Google Play adware that refuses to die

Sophos finds Google Play adware that refuses to die

Security firm Sophos Labs says it has found several popular Android apps in the Google Play store that contain a third-party library that keeps popping up ads even if the user tries to close them.

It said that more than 40 apps used the library which had been downloaded more than six million times.

The library in question supports Android 2.3 through to Android 6 and devices from Samsung, Huawei, Meizu, Mi and Nexus.

Sophos said the primary function of the library was to keep the adware alive even if the user tried to force it to close or scrub the memory.

A total of 47 apps were found to included this MarsDae library and while Google had removed some of them, many remained.

Adware.Sophos gave the following list of package names:

  • cn.etouch.ecalendar.life
  • com.aimobo.weatherclear
  • com.ali.money.shield
  • com.anti.block.porn.safebrowser
  • com.app.fast.boost.cleaner
  • com.app.wifi.recovery.master
  • com.baiwang.facesnap
  • com.block.puzzle.game.king
  • com.booster.ram.app.master.clean
  • com.card.game.bl.plugintheme21
  • com.card.game.bl.plugintheme22
  • com.card.game.bl.plugintheme23
  • com.cardgame.solitaire.sfour
  • com.clean.phone.boost.android.junk.cleaner
  • com.cleaner.booster.speed.junk.memory
  • com.color.paper.style
  • com.corous360.zipay
  • com.desk.paper.watch
  • com.exact.digital.ledcompass
  • com.free.sudoku.puzzle
  • com.freegames.happy.popcandy
  • com.freegames.popstar
  • com.freegames.popstar.exterme
  • com.gmiles.alarmclock
  • com.gmiles.switcher
  • com.insta.browser
  • com.listen.music.pedometer
  • com.ljapps.wifix.recovery.password
  • com.mg.callrecord
  • com.mola.tools.mbattery
  • com.mola.tools.openweather
  • com.mx.cool.videoplayer
  • com.news.boost.clean
  • com.ojhero.nowcall
  • com.phonecooler.battery.cleaner.wifimaster
  • com.picture.photo.editor
  • com.powercleaner
  • com.red.music.audio.player
  • com.riti.elocation.driver
  • com.samll.game.puzzle.plus
  • com.smartx.flashlight
  • com.tool.powercleanlite
  • com.tool.videomanager
  • com.tools.freereminder
  • com.wise.trackme.activity
  • org.mbj.filemanager
  • org.mbj.sticker

It said that once an app that contained the library was installed, ads would start to pop up. Even if the ad was force stopped from the system settings, the pop-ups would continue.

Sophos provided screenshots of ads popping up in an app called Snap Pic Collage Color Splash (seen above, right) which it said had been downloaded from Google Play more than 50,000 times.

It said it would continue working with Google to get the adware removed.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News