A cybersecurity company has found more than 60,000 Android apps that have been quietly installing adware on mobile devices while remaining undetected for the past six months. Disguised as legitimate apps, they have been targeting users globally.
According to a report by the Romanian cybersecurity firm Bitdefender, these malicious apps have now been spotted using an anomaly detection feature which was added to the Bitdefender Mobile Security software last month.
“To date, Bitdefender has discovered 60,000 completely different samples (unique apps) carrying the adware and we suspect there is much more in the wild,” the cybersecurity firm warned.
As per the report, the campaign likely started in October 2022 and was distributed as fake security software, game cracks, cheats, VPN software, Netflix and utility apps on third-party sites. The malware campaign primarily targeted users in the US, South Korea, Brazil, Germany, the UK and France.
How apps are targeting users
These malicious apps weren’t available on Google Play and had been spread through third-party websites. These sites pop up in Google Search results and push users to download and install APKs and Android packages.
When users visit the sites, they are either redirected to websites showing ads or are asked to download the app they are searching for. These websites are designed specifically to distribute malicious Android apps and ss users install these spiked apps, they infect the Android devices with adware.
These apps do not have the additional privileges to configure themselves to run automatically after they get installed. Rather, they are dependent on the normal Android app installation flow. This process asks users to ‘Open’ an app after it is installed.
Moreover, these apps also don’t use an icon and have a UTF-8 character in the app’s label., This makes these apps harder to spot. However, this has both pros and cons as it also means if a user does not start the app after it’s installed, it likely won’t be launched at all.
How these apps are affecting devices
When launched, these apps display an error message which states that the “Application is unavailable in your region. Tap OK to uninstall.” In reality, the app doesn’t get uninstalled but simply sleeps for a couple of hours before registering two ‘intents’. This causes the app to launch when the device is booted or when the device is unlocked.
Bitdefender claims that to evade detection by the user, the latter intent is likely to be disabled for the first two days.
As users launch the app, a signal reaches out to the attackers’ servers and retrieves advertisement URLs to be displayed. These ads are either displayed in the mobile browser or as a full-screen WebView ad.
According to a report by the Romanian cybersecurity firm Bitdefender, these malicious apps have now been spotted using an anomaly detection feature which was added to the Bitdefender Mobile Security software last month.
“To date, Bitdefender has discovered 60,000 completely different samples (unique apps) carrying the adware and we suspect there is much more in the wild,” the cybersecurity firm warned.
As per the report, the campaign likely started in October 2022 and was distributed as fake security software, game cracks, cheats, VPN software, Netflix and utility apps on third-party sites. The malware campaign primarily targeted users in the US, South Korea, Brazil, Germany, the UK and France.
How apps are targeting users
These malicious apps weren’t available on Google Play and had been spread through third-party websites. These sites pop up in Google Search results and push users to download and install APKs and Android packages.
When users visit the sites, they are either redirected to websites showing ads or are asked to download the app they are searching for. These websites are designed specifically to distribute malicious Android apps and ss users install these spiked apps, they infect the Android devices with adware.
These apps do not have the additional privileges to configure themselves to run automatically after they get installed. Rather, they are dependent on the normal Android app installation flow. This process asks users to ‘Open’ an app after it is installed.
Moreover, these apps also don’t use an icon and have a UTF-8 character in the app’s label., This makes these apps harder to spot. However, this has both pros and cons as it also means if a user does not start the app after it’s installed, it likely won’t be launched at all.
How these apps are affecting devices
When launched, these apps display an error message which states that the “Application is unavailable in your region. Tap OK to uninstall.” In reality, the app doesn’t get uninstalled but simply sleeps for a couple of hours before registering two ‘intents’. This causes the app to launch when the device is booted or when the device is unlocked.
Bitdefender claims that to evade detection by the user, the latter intent is likely to be disabled for the first two days.
As users launch the app, a signal reaches out to the attackers’ servers and retrieves advertisement URLs to be displayed. These ads are either displayed in the mobile browser or as a full-screen WebView ad.
Currently, these malicious apps are only being used to display advertisements, but researchers have warned that the attackers can swap out the adware URLs for more malicious websites.
“Upon analysis, the campaign is designed to aggressively push adware to Android devices to drive revenue. However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information or ransomware,” Bitdefender warned.
How to safeguard
Though there have been reports about the presence of malicious apps on Google Play Store, Android smartphone users are advised not to install apps from third-party sources as they are a common space for spreading malware.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
