Posted on April 25, 2021 at 8:11 AM
Experts have detected a sophisticated attack on Google Play Store that has been hiding since 2019. The attack has affected at least 1 million devices around the world.
Android has been suffering from multiple attacks in recent years. This is because the operating system is the largest in the world, which means that hackers pay more attention to it because of the large number of target victims.
Android users receive alert warnings now and then, informing them of malicious attacks found on online app stores. Besides, malicious apps have found a way of navigating around checks by Google to get listed on the Play Store. Security experts have released the latest warning in which they inform users of the most sophisticated malicious attack on android’s operating system.
A widespread fraud campaign
According to a report issued by Human Security, a sophisticated attack had been launched on android’s operating systems since 2019. Twenty-nine malicious android apps were located on Google PlayStore, the platform from which many android users download apps, rent movies, purchase e-books, and more.
Users who downloaded these apps would introduce software into their device, making their device look like a Smart TV to advertising companies. The devices would be linked to around 650 million advertisements every day that would play on the background, and advertisers would then pay, thinking that their ads were being displayed to real people. The hackers hence made a lot of money from the campaigns.
Users who downloaded these apps would notice higher data consumption when they had not connected their device over Wi-Fi. Besides, users who allowed these apps to run in their phone’s background noticed a slower performance of their devices.
The two leading apps that were highlighted in the report were Any Light and Sling Puck 3D. Any Light is a torch app that enabled users to change their phone’s flashlight to different colors. This app had over 10,000 downloads on Play Store. The two apps scammed advertisers by sending background commercials to devices.
According to the CEO of Human Security, the hackers took advantage of the recent shift to digital platforms. They were using the increased tech adoption to scam advertisers and technological platforms into believing their adverts were displayed to consumer devices. After the report, Google deregistered the 29 apps from Play Store.
Increased scamming activities on apps and streaming devices
Besides Google, other apps and streaming platforms have also increased scamming activities by malicious actors. Roku, a popular streaming platform, also detected 36 similar apps working in the same way as the apps detected on Google. The apps were also defrauding advertisers by claiming to show commercials. However, hackers on Roku did not make the high revenues that hackers made on android systems.
Experts have also stated that Roku and Android’s scams were clever enough to avoid detection by android and Roku systems. However, the experts also added that while the apps did not pose any threat to the devices, they reduced user’s trust in the Play Store.
The new technique of hiding these apps is expected to be implemented more and making these apps even harder to uncover. However, Google allocates many resources each year to keep off malicious apps from Play Store. The newly discovered apps have however proven hard to detect given their advanced nature.