Over 60,000 Android Apps Affected In A Hidden Malware Campaign

Posted on June 11, 2023 at 6:35 AM


Bitdefender has identified a hidden malware campaign that exists undetected on mobile devices globally. The malware in question has been in existence for over six months. The hacking campaign launched by threat actors has been designed to install adware on Android devices with the goal of driving revenues for these hackers.

Over 60,000 Android apps targeted by malware

Bitdefender published a blog saying that the malware allowed threat actors to easily switch their tactics and redirect users to other forms of malware, including banking trojans, to steal user credentials and financial data.

Bitdefender has detected 60,000 unique Android apps that have been infected with this adware. The company also suspects that there could be more attacks happening in the wild. The malware in question has been in existence since October last year, and it targets users in Brazil, France, Germany, South Korea, the UK, and the US.

The cybersecurity firm also said that the high number of samples discovered showed that the operation had been fully automated. The threat actor relies on third-party apps to distribute the malware. The report added that the hackers need to persuade users to download and install third-party apps. To that end, these apps offer products and services that are not available in the official stores.

In some cases, these apps mimic the real ones that have been published on the Google Play Store. Some of the apps that have been mimicked by the malware include free VPN tutorials, game cracks, and games that contain unlocked features.

“The distribution is organic, as the malware appears when searching for these kinds of apps, mods, cracks, etc.,” the report by Bitdefender said. The firm has also said that mod apps have become increasingly popular on the internet, and in some cases, websites have been created to exclusively offer these kinds of services.

Mod apps are modified versions of original applications, with the full functionality unlocked or with changes made to the initial programming. When a user opens a website from a Google search result for a mod app, they are redirected to a random ad page. In some cases, the page downloads malware instead of serving a legitimate purpose.

The hackers managed to avoid detection

The apps that contain the malware install like normal Android apps, and they prompt the user to open the app after it has been installed. However, the malware is not configured to run on its own, as this could require more permissions.

Google no longer offers the ability to hide an app icon on Android devices after a launcher has been registered. However, this restriction only applies in cases where a launcher has been registered. To get around it, the malicious apps do not register any launchers, and they rely on the user and the default Android install behavior to launch them for the first time.

After the malware has been installed, it will display a message saying that the application is no longer available. As such, a user will be tricked into believing that the malware was not installed.

The Bitdefender blog noted that the lack of an icon in the launcher and the use of a UTF-8 character made the app hard to detect and uninstall, which reduced the likelihood of a user finding it. After the app has been launched, it communicates with the attackers' servers to retrieve advertisements. The ad URLs are displayed within the mobile browser or in the form of a full-screen WebView ad.
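The missing launcher entry described above is something a defender can check for in a decoded `AndroidManifest.xml` (for example, one produced by apktool). The following is an added example, not code from Bitdefender or from the original article; the sample manifests are constructed, and the label check is an assumed heuristic, since the article does not say which character the campaign uses.

```python
import unicodedata
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes

def has_launcher_entry(root):
    """True if an enabled activity or alias declares both MAIN and LAUNCHER."""
    for comp in root.iter():
        if comp.tag not in ("activity", "activity-alias"):
            continue
        if comp.get(A + "enabled", "true") == "false":
            continue
        for flt in comp.findall("intent-filter"):
            actions = {e.get(A + "name") for e in flt.findall("action")}
            cats = {e.get(A + "name") for e in flt.findall("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                return True
    return False

def label_has_no_visible_text(root):
    """Assumed heuristic: a literal label with no letters or digits."""
    app = root.find("application")
    label = app.get(A + "label") if app is not None else None
    if label is None or label.startswith("@"):  # missing or resource reference
        return False
    return not any(unicodedata.category(c)[0] in "LN" for c in label)

def triage(manifest_xml):
    """Return the findings for one decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    if not has_launcher_entry(root):
        findings.append("no-launcher-entry")
    if label_has_no_visible_text(root):
        findings.append("label-without-visible-text")
    return findings

# Constructed sample manifests, not taken from any real app.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
MAIN = '<action android:name="android.intent.action.MAIN"/>'
LAUNCH = '<category android:name="android.intent.category.LAUNCHER"/>'
def sample(label, filt):
    return (f'<manifest {NS} package="com.example.app"><application '
            f'android:label="{label}"><activity android:name=".Main">'
            f'<intent-filter>{filt}</intent-filter></activity></application></manifest>')

NORMAL = sample("Notes", MAIN + LAUNCH)
ICONLESS = sample("&#x200B;", MAIN)  # no LAUNCHER category, zero-width label

if __name__ == "__main__":
    print(triage(NORMAL), triage(ICONLESS))
```

Many legitimate packages, such as keyboards and plugins, also ship without a launcher entry, so these findings are triage signals for sideloaded apps rather than a verdict.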

This report comes at a time when Android devices are increasingly being targeted by hackers. In May, an Android software module containing spyware functionality known as SpinOk was detected by a cybersecurity company known as Doctor Web.

The malware in question gathers information on the files available on devices. The malware can later transfer these files to threat actors. It can also change and upload clipboard contents to a remote server. The Android apps with a SpinOk module with spyware features were installed more than 421 million times.

Another report published this week said that an additional 101 apps affected by the SpinOk Android malware, which is distributed as an advertisement package, had been detected. The report by CloudSEK said that 43 of these apps were still active on the Google Play Store, with some of them having more than 5 million downloads.

Publisher Name
Koddos