A fresh batch of 35 Android malware apps that show intrusive adverts has been found on the Google Play Store, and the apps have been downloaded over 2 million times to victims’ mobile devices.
Security researchers at Bitdefender discovered the potentially harmful apps using a real-time, behavior-based analysis technique.
The apps use traditional strategies to trick users into installing them by appearing to offer some specific capability, but as soon as the installation is complete, they change their name and icon, making them challenging to locate and uninstall.
From that point on, the malicious apps start serving obtrusive ads to users by abusing WebView, generating fraudulent impressions and ad revenue for their operators.
Furthermore, since these apps load the advertising using their own framework, it would probably be easy to inject additional payloads on a compromised device.
Hiding techniques
The adware apps use a variety of techniques to hide on Android, and they also receive later updates that make hiding even easier, as Bitdefender notes in its research.
To avoid detection and deletion, the apps often adopt a cog icon and rename themselves as “Settings” after installation.
If the user taps the icon, the malware app launches with a size of 0 so that it stays hidden from view. The malware then opens the authentic Settings menu to deceive users into thinking they have opened the right application.
Sometimes the apps take on the appearance of Samsung, Motorola, or Oppo system apps.
To thwart attempts at reverse engineering, the malicious apps additionally use extensive code obfuscation and encryption. The core Java payload is concealed inside two encrypted DEX files.
In order to avoid being discovered by the user, the apps can also choose not to appear in the list of “Recent Apps,” even if they are running in the background.
Popular apps that display adverts
Over two million Android users have downloaded the 35 fraudulent apps, with individual download counts ranging from 10,000 to 100,000.
The following are the most downloaded, with 100k downloads each:
Wallpapers Pack for Walls light (gb.packlivewalls.fournatewren)
Keyboard for large emoji 5.0 (gb.blindthirty.funkeyfour)
Elegant Backgrounds – 3D Backdrops 2.0 (gb.convenientsoftfiftyreal.threeborder)
Stock Wallpapers for engines can be found at gb.helectronsoftforty.comlivefour (gb.fiftysubstantiated.wallsfour)
2.0 of EffectMania’s photo editor (gb.actualfifty.sevenelegantvideo)
The Deep Photoeffect Art Filter 2.0 (gb.crediblefifty.editconvincingeight)
APK of Fast Emoji Keyboard (de.eightylamocenko.editioneights)
Create a Whatsapp sticker 2.0 (gb.convincingmomentumeightyverified.realgamequicksix)
Calculator with Camera Assistance 2.0 (gb.labcamerathirty.mathcamera)
Art Filter in Photopix Effects 2.0 (gb.mega.sixtyeffectcameravideo)
Keyboard With A Colorful Led Theme 2.0 (gb.theme.twentythreetheme)
Animated Sticker Master (am.asm.master)
1.0 Sleep Sounds (com.voice.sleep.sounds)
Character Charging Show 1. (com.charging.show)
Image Warp Camera
GPS Location Finder (smart.ggps.lockakt)
When this article was being written, “Walls lite – Wallpapers Pack,” “Animated Sticker Master,” and “GPS Location Finder” were still accessible on the Play Store.
Google has been informed by Bleeping Computer regarding this issue, and we will update this post as soon as we hear back.
The remaining listed apps can be found on a variety of third-party app stores, including APKSOS, APKAIO, APKCombo, APKPure, and APKsfull; however, the download statistics are from when they were previously featured on the Play Store.
If you’ve ever downloaded any of these apps, you need to find them right away and delete them from your device.
Because the apps pose as Settings, running a mobile AV programme to locate and delete them can be helpful in this situation.
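The hiding behaviours described above can also be checked statically when triaging a suspicious APK. The following is an added example, not code from Bitdefender or the original article: it scans a decoded AndroidManifest.xml (as produced by a tool such as apktool) for a listed package ID, a launcher entry labelled “Settings” in a package that is not the real Settings app, and a launcher entry excluded from Recent Apps. The finding names, the `REAL_SETTINGS` allowlist, the sample manifest, and the premise that the alternate label is declared in the manifest are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Three of the package IDs listed in the article; extend with the rest.
LISTED = {"gb.packlivewalls.fournatewren", "am.asm.master", "smart.ggps.lockakt"}
# Assumption: packages allowed to call themselves "Settings" (vendor ROMs differ).
REAL_SETTINGS = {"com.android.settings"}

def triage(manifest_xml, strings=None):
    """Return sorted finding names for one decoded AndroidManifest.xml."""
    strings = strings or {}
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    findings = {"listed-package"} if pkg in LISTED else set()

    def label(elem):  # resolve @string/ references via the supplied table
        raw = elem.get(A + "label", "")
        if raw.startswith("@string/"):
            raw = strings.get(raw[8:], raw)
        return raw.strip().lower()

    app = root.find("application")
    entries = [] if app is None else [*app.iter("activity"), *app.iter("activity-alias")]
    for act in entries:
        # Only launcher entries matter: they are what the user sees and taps.
        if not any(c.get(A + "name") == "android.intent.category.LAUNCHER"
                   for c in act.iter("category")):
            continue
        if (label(act) or label(app)) == "settings" and pkg not in REAL_SETTINGS:
            findings.add("launcher-labelled-settings")
        if act.get(A + "excludeFromRecents") == "true":
            findings.add("launcher-hidden-from-recents")
    return sorted(findings)

# Constructed sample manifest, not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
 <application android:label="@string/app_name">
  <activity android:name=".Main" android:excludeFromRecents="true">
   <intent-filter><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
  </activity>
  <activity-alias android:name=".Alt" android:targetActivity=".Main" android:label="Settings">
   <intent-filter><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
  </activity-alias>
 </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE, {"app_name": "Cool Walls"}))
```

These findings are triage signals rather than verdicts: legitimate apps also exclude activities from Recent Apps, so a hit should prompt a closer look at the app, not automatic removal.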