More Than 60,000 Android Apps Contain Adware That Has Remained Undetected For Six Months

Posted on June 7, 2023 at 6:33 AM


More than 60,000 Android apps disguised as legitimate applications have been installing adware on mobile devices. These apps have been running undetected over the past six months, and their discovery adds to the long list of security vulnerabilities within the Android system.

Over 60,000 Android apps secretly install adware

The malware in these apps was discovered by Bitdefender, a Romanian cybersecurity company. The firm detected the malicious apps using an anomaly detection feature that was integrated into the Bitdefender Mobile Security software last month.

Bitdefender released a statement on the matter, saying that, to date, it had detected 60,000 different samples of applications that contain this adware. The company has also said that there is a likelihood that more similar apps exist.

The campaign commenced in October last year. It is distributed as fake security software, cheats, game cracks, VPN software, Netflix, and utility apps hosted on third-party sites. The campaign targets users in the US, as well as those based in Brazil, France, Germany, South Korea, and the United Kingdom.

The malicious apps are not hosted on the Google Play Store; they are found on third-party websites that appear in Google search results. These websites promote APKs, or Android packages, which allow a user to install the mobile apps manually.

When a user visits these sites, they are either redirected to websites that display advertisements or prompted to download the application they searched for. The download sites are set up to distribute the malicious Android apps as APKs that, once installed, infect the Android device with adware.

How the adware campaign is working

When an app has been installed on a user’s device, it will not configure itself to run automatically because doing so will require additional permissions. Instead, this app will use the normal Android app installation flow that will prompt a user to launch an app immediately after the installation process is over.

These malicious apps also do not use an icon, and they contain a UTF-8 character within the app’s label, which helps them avoid detection. However, in cases where a user does not launch an app after it has been installed, it will likely not be launched thereafter.

If the app is launched, it will display an error message that states that the application is no longer available in a certain region, after which the app will prompt the user to uninstall it. However, the app will not be uninstalled. Instead, it will remain dormant for two hours, after which it creates two “intents” that force it to launch after the device has been started or when it is unlocked.

After the app has been launched, it will go to the attackers’ servers and fetch the advertisement URLs that will be displayed within the mobile browser or as a WebView ad that can be viewed on a full screen.
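The traits described above (no icon, a label with no visible text, restart triggers on boot and unlock) can be checked statically in a decoded AndroidManifest.xml. The Python triage sketch below is an added example, not code from Bitdefender or this article; it assumes the two intents are the standard BOOT_COMPLETED and USER_PRESENT broadcasts, and the sample manifests are constructed.

```python
import unicodedata
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: the article's boot and unlock triggers are these standard broadcasts.
PERSISTENCE = {
    "android.intent.action.BOOT_COMPLETED": "starts after boot",
    "android.intent.action.USER_PRESENT": "starts on unlock",
}

def label_is_invisible(label):
    """True when the label has no visible glyph (empty, spaces, control/format chars)."""
    return all(unicodedata.category(ch)[0] in "ZC" for ch in label or "")

def triage_manifest(manifest_xml):
    """List which traits described in the article a decoded manifest shows."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    findings = ["no icon"] if app.get(ANDROID + "icon") is None else []
    label = app.get(ANDROID + "label")
    # "@string/..." references must be resolved against resources; not judged here.
    if label is None or (not label.startswith("@") and label_is_invisible(label)):
        findings.append("invisible label")
    for receiver in app.iter("receiver"):
        for action in receiver.iter("action"):
            trait = PERSISTENCE.get(action.get(ANDROID + "name"))
            if trait and trait not in findings:
                findings.append(trait)
    return findings

def matches_campaign_pattern(findings):
    """Flag only when a hiding trait and a restart trigger occur together."""
    hidden = {"no icon", "invisible label"} & set(findings)
    return bool(hidden) and bool(set(PERSISTENCE.values()) & set(findings))

# Constructed sample manifests (not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPECT = f"""<manifest {NS}><application android:label="&#x200B;"><receiver><intent-filter>
 <action android:name="android.intent.action.BOOT_COMPLETED"/>
 <action android:name="android.intent.action.USER_PRESENT"/>
</intent-filter></receiver></application></manifest>"""
BENIGN = f"""<manifest {NS}><application android:icon="@mipmap/ic" android:label="Notes">
 <receiver><intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/>
</intent-filter></receiver></application></manifest>"""

if __name__ == "__main__":
    for xml in (SUSPECT, BENIGN):
        print(triage_manifest(xml), matches_campaign_pattern(triage_manifest(xml)))
```

A boot receiver on its own is common in legitimate apps, which is why the benign sample is reported but not flagged. The two-hour dormancy is runtime behaviour and is not visible to a manifest check.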

Malicious applications are currently being used to display advertisements. However, cybersecurity researchers have warned that it is possible for threat actors to swap out the adware URLs with other malicious websites.

The Romanian security firm Bitdefender further said:

Upon analysis, the campaign is designed to aggressively push adware to Android devices with the purpose of driving revenue. However, the threat actors involved can easily switch tactics to redirect users to other types of malware such as banking Trojans to steal credentials and financial information or ransomware.

Malware developers usually target Android devices because these devices are capable of installing applications from outside the Google Play Store, where they will not be properly assessed for malware. However, hackers have continued looking for ways to avoid detection even on the Google Play Store, which enables the distribution of these malicious apps.

During the past week, researchers working at Dr.Web and CloudSEK have detected a malicious spyware SDK that has been installed more than 400 million times on Android devices through apps on the Google Play Store.

Google Play Store is a platform that still contains malicious applications. However, it is important that one installs their Android apps from the official Android store as it is a safer alternative. It is also not recommended for one to install Android apps from third-party websites because such sites are known for distributing malware.

Publisher: Koddos