News

60,000 Android apps distributed adware

Security Parrot Editorial Team

60,000 Android Apps Found to be Installing Adware Silently

Analysts at Bitdefender have discovered a malicious campaign that has been active since October 2022, where more than 60,000 Android apps disguised as legitimate products were silently installing adware on users’ devices. This campaign has gone unnoticed for six months.
“To date, Bitdefender has detected 60,000 different samples (unique applications) containing adware, and we suspect that in fact there are many more,” experts warn.

Malware Distribution

Malicious apps are not listed on Google Play, but are distributed through third-party sites in the form of APKs. When visiting these sites, victims are either redirected to sites with advertisements or prompted to download the application they are looking for.
The malware is distributed under the guise of security software, cracks and cheats for games, VPN services, hacked versions of YouTube and Netflix, and various utility applications. These attacks mainly target users in the US, South Korea, Brazil, Germany, the UK, and France.

Sneaky Tactics

When an application is installed, it attempts to sneak into autostart, as this would require additional privileges. Instead, it relies on the normal Android app installation process, which prompts users to launch the app after installing it. Experts note that this is a double-edged sword, because if the user does not launch the application after installation, it will probably not be launched at all.
The report also notes that apps don’t have icons and use UTF-8 characters to make them harder to detect.
If the victim does launch the app, it will display an error saying that the app doesn’t work in that region, after which the victim will be prompted to click on the “OK” button to delete. In fact, after pressing the button, the application is not deleted, but simply “falls asleep” for two hours, and then registers two intents (intent) that will allow it to run when the device is loaded or unlocked.
As a result, the application communicates with the servers of its operators and receives advertising URLs, which will be used in a mobile browser or as full-screen advertising through WebView.

Potential Risks

While the discovered apps are currently being used solely to serve ads, the researchers warn that attackers could replace adware URLs with other malicious sites at any time.
Bitdefender notes that the last intent is disabled for the first two days, which helps avoid user detection. However, users should be aware of the potential risks of downloading apps from third-party sites, and should always exercise caution when downloading and installing applications.

Weekly Updates For Our Loyal Readers!

Share this Article
Lost your password?