Researchers Detect Applications With 2.5 Million Installs On Google Play Store

Posted on August 8, 2023 at 9:13 AM

Researchers Detect Applications With 2.5 Million Installs On Google Play Store

43 malicious Android applications have infiltrated the Google Play Store app marketplace. These applications have 2.5 million installs and secretly promote advertisements when the phone screen is turned off. As such, the malicious applications will continue draining the phone’s battery.

Malicious Android apps run ads when the phone screen is off

Google Play Store has been a victim of a wide range of malicious campaigns to compromise the targeted devices. A McAfee Mobile Research Team report noted that more malicious applications continue to run on the app marketplace.

The McAfee Mobile Research Team reported these malicious applications to Google, saying that they violated the policies of the Google Play Store. Tech giant Google has already removed these apps from the Google Play Store.

The majority of these malicious applications were media streamlining applications and news aggregators. Most of these apps also appeared to target users that understood Korean. While the target audience seems to be specific, the technique used by the threat actors to run this campaign might easily apply across other app categories, with such apps targeting diverse demographics.

The malicious applications identified by the McAfee security team said these applications are operating as adware. These applications pose a risk to users despite the primary goal of these tools being to run ads that affect the operations of the targeted devices.

The adware poses a risk to the users when they create a door to the potential user profiling risk. They also exhaust the battery life of the compromised device while consuming a vast amount of internet data. Such apps also orchestrate fraudulent campaigns against advertisers by providing advertisement data that has not been generated appropriately and fails to meet the intended purpose.

Malicious apps on Google Play Store

Google Play Store has been ridden with many malicious apps. While the app marketplace usually reviews any potential threats and removes the apps that might potentially cause harm to users, most times, these apps are removed when it is already too late to protect users.

After the malicious applications have been installed on a user’s device, the adware waits several weeks before commencing the ad-fraud activity. The activity will deceive users while avoiding detection by reviewers on Google. The stealth campaign allowed these ads to operate long while achieving 2.5 million downloads.

The researchers at McAfee said that the adware configuration can be modified remotely and updated through the Firebase Storage and Messaging systems. As such, the developers behind such malicious applications can change the period that these apps have remained dormant and any other features.

Android devices usually have a power-saving feature that allows the app to operate on standby mode. The app can run in this mode whenever a device is not used. This technique prevents the app from running in the background. The app also uses the targeted device’s CPU, memory, and network resources to run these hacking attacks.

When malicious adware apps have been installed on the targeted devices, the users will be urged to integrate these apps, which will be used as an exclusion to the Android power-saving system. This allows the malicious applications to run in the background, affecting the device’s performance where these apps have been installed.

The exclusion will also ensure that the adware apps identify and load advertisements even when the screen of the targeted device is turned off. The activity generates revenues fraudulently while hiding what has been happening within these apps.

The McAfee research noted that there was a likelihood that users might have a glimpse of the loaded ads when they switch on the device’s screen before the ads are automatically turned off. However, a user can easily detect these ads in cases where there is a high battery consumption level.

Users can monitor the apps that consume the most energy on an Android device on the Settings feature of their device. On the Battery Usage setting, the users can see the total battery usage of the targeted devices.

McAfee also said that the adware apps seek permission before drawing over other applications. Such techniques are usually seen in banking trojans that overlay phishing pages atop legitimate e-banking applications. However, phishing activity was not detected in this adware campaign.

Android users have been advised to monitor reviews before installing apps. They have also been urged to check any requested permissions while installing new apps to ensure that they do not have permissions that might affect the targeted devices.

Summary
Researchers Detect Applications With 2.5 Million Installs On Google Play Store
Article Name
Researchers Detect Applications With 2.5 Million Installs On Google Play Store
Description
Researchers have detected 43 malicious Android applications. These applications have 2.5 million installs and promote ads when the phone's screen is turned off. The malicious apps later drain the phone's battery.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 17, 2023
Hackers Are Hiding Malware Within Legitimate Services Such As Slack And Trello
Aug 16, 2023
Info-Stealing Malware Exposes More Than 100,000 Hacking Forums  
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading