Security researchers have found dozens of Android apps in the Google Play store that contain malicious advertisements for victims in a money-making scheme.
ESET researchers found about 42 applications containing malicious ads, saying they had been downloaded more than 8 million times since their debut in July 2018.
The researchers explained that these applications appear normal, but behave in an offensive manner. Once a user has installed an application infected with malware, the app will display full-screen ads on the user's device at near random intervals. These applications often delete the test icon, making it even harder to remove. Malware-infected apps mimic apps like Facebook and Google to avoid suspicion, and are likely to use a way to get rid of the actual ad serving application and keep the app on the device for as long as possible.
In the background, apps also send data about the user's device - including whether certain apps are installed, and if the device allows apps from sources other than the app store - that can be used to install more malware on the device.
"The function of adware was the same in all the applications we analyzed," said Lucas Stefanko, an ESET security researcher.
The researchers also found that applications may check to see if the affected device is connected to Google's servers in an attempt to prevent detection. If apps think they are being tested by Google Play's security mechanisms, which apparently keep the app store free of malicious apps, they'll avoid detection.
According to ESET, malware-affected apps include Video Downloader Master, which has been downloaded more than 5 million times, and Ringtone Maker Pro, SaveInsta, and Tank Classic, which have been downloaded 500,000 times each.
The researchers say: The Vietnamese university student may be behind the campaign of malicious advertising. For its part, Google has removed all offending applications, but researchers have warned that many are still available from third-party app stores.
0 Comments