android adware

In a startling revelation, Romanian cybersecurity firm Bitdefender has uncovered a massive adware campaign that has gone undetected for the past six months. The firm’s anomaly detection feature, integrated into Bitdefender Mobile Security software, successfully detected over 60,000 malicious Android apps. These apps were disguised as legitimate applications.

A Silent Invasion of Adware

These deceptive apps have been quietly infiltrating mobile devices, evading detection. Bitdefender believes the number of such apps in circulation could be much higher than the number discovered. The adware campaign is believed to have originated in October 2022. The malicious apps are distributed under the guise of fake security software, game cracks, cheats, VPN software, Netflix, and utility apps, primarily on third-party websites.

Predominantly Targeting Specific Countries

The malware campaign predominantly targets users in the United States. The other countries include South Korea, Brazil, Germany, the United Kingdom, and France. By targeting these regions, the threat actors behind the campaign aim to maximize their impact and potential revenue.

Stealthy Adware Installation Methods

These malicious apps are not hosted on the Google Play Store but are instead found on third-party websites that appear in Google Search results. Users who visit these sites are either redirected to websites showing advertisements or prompted to download the desired app. The download sites are intentionally designed to distribute the malicious Android apps as APKs, which require manual installation.
Once installed, the adware does not immediately configure itself to run automatically, as that would require additional privileges. Instead, it relies on the standard Android app installation process, where users are prompted to ‘Open’ the app after installation. To make detection even more challenging, these apps do not have an icon and use a UTF-8 character in their label.

The Waiting Game

If the user fails to launch the app after installation, it lies dormant, making it less likely to be discovered. When the app is eventually launched, it displays an error message claiming it is “unavailable in your region.” It prompts the user to uninstall it. However, the app remains on the device, silently waiting for the right moment.
After a two-hour sleep period, the app registers two ‘intents,’ which cause it to launch when the device is booted. The researchers note that the second intent is disabled for the initial two days to avoid detection by the user.
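
The hiding behaviour described above (no icon, an unreadable label, launch at boot) can be turned into a triage heuristic for a decoded AndroidManifest.xml. The following is an added example, not code from Bitdefender or from the original article. It assumes that "no icon" shows up as a missing MAIN/LAUNCHER activity and that the boot trigger is declared in the manifest as a `BOOT_COMPLETED` receiver, which the article does not state; the function names and finding labels are hypothetical.

```python
import unicodedata
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (not taken from any real app in the campaign).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:label="&#x200B;">
    <activity android:name=".Main">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".Wake">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def names(intent_filter, tag):
    """android:name values of the <action> or <category> children of a filter."""
    return {e.get(A + "name") for e in intent_filter.findall(tag)}

def label_is_invisible(label):
    """True if the label is empty or only separator/control/format characters."""
    return all(unicodedata.category(ch)[0] in "ZC" for ch in label)

def triage(manifest_xml):
    """Return the list of heuristic findings for one decoded manifest."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    findings = []
    filters = [f for tag in ("activity", "activity-alias")
               for comp in app.findall(tag) for f in comp.findall("intent-filter")]
    # Assumption: an app with no MAIN + LAUNCHER filter gets no launcher icon.
    if not any("android.intent.action.MAIN" in names(f, "action")
               and "android.intent.category.LAUNCHER" in names(f, "category")
               for f in filters):
        findings.append("no-launcher-entry")
    # Literal labels only; "@string/..." references must be resolved separately.
    label = app.get(A + "label")
    if label is not None and label_is_invisible(label):
        findings.append("invisible-label")
    # Assumption: the boot trigger is a manifest-declared receiver.
    if any("android.intent.action.BOOT_COMPLETED" in names(f, "action")
           for r in app.findall("receiver") for f in r.findall("intent-filter")):
        findings.append("boot-receiver")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each finding on its own is common in legitimate software (background services have no launcher entry, many apps start at boot), so the combination is what warrants a closer look.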

Advertising for Revenue, but More Dangers Lurk

When launched, the app connects to the attackers’ servers to retrieve advertisement URLs displayed in the mobile browser or as full-screen WebView ads. Although the current focus of the adware is to generate revenue through aggressive advertising, the researchers caution that the threat actors could easily replace the adware URLs with more malicious websites.

Bitdefender warns that these cybercriminals could switch tactics and redirect users to other types of malware, such as banking Trojans or ransomware. This highlights the need for immediate action to address the adware campaign and prevent further damage.

Android Devices Vulnerable to Adware

Malware developers heavily target Android devices because these devices can install applications from sources other than the Google Play Store, where apps undergo stricter scrutiny. However, even on Google Play, malicious apps slip through the cracks, resulting in widespread distribution.

Just last week, researchers from Dr. Web and CloudSEK discovered a malicious spyware SDK that had been installed over 400 million times through apps available on Google Play. This incident serves as a reminder that although Google Play remains a relatively safer platform, it is crucial to exercise caution.

The Importance of App Source Verification

To ensure the security of Android devices, experts advise installing apps exclusively from the official Google Play Store. While Google Play also encounters its fair share of malicious apps, the risks associated with third-party sites are significantly higher. These sites often serve as common vectors for malware, making it essential to exercise caution and avoid downloading apps from untrusted sources.
By adhering to this best practice, users can certainly reduce the chances of falling victim to adware campaigns and other forms of malware. Additionally, regularly updating security software, such as Bitdefender Mobile Security, can offer an extra layer of protection against emerging threats.