My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Doctor Web: 50,000,000 users download Google Play application containing aggressive advertising

March 3, 2017

Advertising modules incorporated into Android applications for monetization purposes have become widespread. Many of these plug-ins operate aggressively: they create unnecessary icons and display banners and pop-up windows. Doctor Web specialists found a program on Google Play that contains one of these modules. More than 50,000,000 users have installed it.

Doctor Web specialists examined an on-screen keyboard app called TouchPal. Mobile device owners can use it instead of the standard one. It does indeed work as stated but contains an unwanted advertising module. In keeping with the Dr.Web classification system, the module was named Adware.Cootek.1.origin.

screenshot Adware.Cootek.1.origin #drweb

This plug-in displays several types of ads. For example, on the home screen it creates widgets that can’t be deleted until the device owner clicks on them. When the widget is clicked on, Adware.Cootek.1.origin displays an interactive window with a short game that the user always wins, with an ad being their “prize”. Besides the “game”, the module can display a window with news accompanied by banners.

screenshot Adware.Cootek.1.origin #drweb screenshot Adware.Cootek.1.origin #drweb screenshot Adware.Cootek.1.origin #drweb
screenshot Adware.Cootek.1.origin #drweb screenshot Adware.Cootek.1.origin #drweb

In addition, Adware.Cootek.1.origin embeds advertising in the lock screen and displays banners right after a mobile device is unlocked.

screenshot Adware.Cootek.1.origin #drweb screenshot Adware.Cootek.1.origin #drweb

Despite the fact that TouchPal itself is not a malicious program, the unwanted module within it— Adware.Cootek.1.origin —actually makes the mobile device difficult to use due to the constant stream of pop-up notifications and unremovable widgets. Given the fact that this plug-in is embedded directly into the TouchPal software, users can only remove it by deleting the main application. The signature of Adware.Cootek.1.origin has been added to the virus database, so Dr.Web for Android successfully detects it in all programs.

More information regarding Adware.Cootek.1.origin

Protect your Android device with Dr.Web now

Buy online Buy on Google Play Free download

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments