The company Bitdender announces that no less than 60,000 cloaked Android applications have secretly installed adware on mobile devices in the last six months. As you will see, some application categories are more at risk than others.
Last month, Bitfender added an anomaly detection feature to its Bitdefender Mobile Security software. The latter identified 60,000 unique adware apps installed on Android devices without the knowledge of their users.
A global threat flying under the radar
Adware is malicious software (malware) that lurks on your devices and generates revenue for its authors by displaying advertisements. It can also hijack your browser, redirect you on dubious websites, install toolbars, extensions or plugins and track your activities for advertisers. These are all elements that can affect your user experience, security and privacy.
Geographic distribution of the Android malware campaign. – Source: Bitdefender
This massive malware campaign detected by Bitdefender would have started in October 2022. It would mainly affect the United States (55.27%), but also other countries such as South Korea (9.8%), Brazil (5.96%), Germany (2.93%). %) and even France (2.56%) are not spared.
Here are the types of applications this malware hides behind:
- apps for cheating games,
- games with unlocked features,
- free vpn,
- fake videos,
- netflix,
- fake Tutorials,
- YouTube / TikTok without ads,
- Cracked Utilities: PDF Reader, Weather, etc.
- Fake security programs.
In order to bypass the security systems implemented on Google Play, this malware appears directly in the search engine results in the form of APK files that need to be installed manually. Once on the devices, they infect Android devices with adware.
Cleverly hidden Android apps
When installing a downloaded application, the final screen in the process is an “Open” button. This allows the app to be installed on the device without appearing in the Android launcher. Then an error message will appear saying “The application is not available in your region.” Press “OK to uninstall it”.
The app is never actually uninstalled, just hibernated for two days before being activated. It then fetches advertising URLs from remote servers to display them in your mobile browser.
Aside from missing the app from the Android launcher, the icon only uses UTF-8 characters, making it even more difficult to spot in the app list. Also, it’s always at the bottom of the list, as you can see below.
Yes, it’s the app at the bottom. – Source: Bitdefender
In addition, Bitdefender researchers warn about the ability of such software to install more than just ads.
“Threat actors can easily change their tactics to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information, or ransomware.” »
Malware developers particularly value Android devices on which applications can be installed outside of the Play Store. However, this does not prevent certain malware from evading Google’s official security system, such as these 101 infected applications on Google Play.
Finally we know why Android users are switching to iPhone
However, we recommend that you always use the official store to download your applications. Although the risk is not zero, you are always better protected than when you search for APK files elsewhere on the internet.
Source: Bitdefender