Technology
42 malicious apps affected 8 million Android users
London, Oct 25
Security researchers have detected a massive year-long adware campaign where the involved apps were installed on users' Android devices eight million times from Google Play alone.
Slovak internet security company ESET identified 42 apps on Google Play as belonging to the campaign, which had been running since July 2018. Of those, 21 were still available at the time of discovery.
"We reported the apps to the Google security team and they were swiftly removed. However, the apps are still available in third-party app stores," said the researchers in a statement on Thursday.
Once launched, the "Ashas" adware family app sent "home" key data about the affected device: device type, OS version, language, number of installed apps, free storage space, battery status, whether the device is rooted and Developer mode enabled, and whether Facebook and FB Messenger are installed.
"The app receives configuration data from the command and control server (C&C) server, needed for displaying ads, and for stealth and resilience," said security researcher Lukas Stefanko.
Once a user installed an adware-infected app, the app will show full-screen ads on the device's display at intervals.
First, the malicious app tries to determine whether it is being tested by the Google Play security mechanism.
After dodging Google servers, the malicious app can set a custom delay between displaying ads. Based on the server response, the app can also hide its icon and create a shortcut instead.
"If a typical user tries to get rid of the malicious app, chances are that only the shortcut ends up getting removed. The app then continues to run in the background without the user's knowledge. This stealth technique has been gaining popularity among adware-related threats distributed via Google Play," the researchers noted.
According to the team, students at a Vietnamese university may be behind the malicious adware app.
"Due to poor privacy practices on the part of our culprit's university, we now know his date of birth, we know that he was a student and what university he attended. We retrieved his University ID; a quick googling showed some of his exam grades," said researchers.
"The malicious developer also has apps in Applea¿s App Store. Some of them are iOS versions of the ones removed from Google Play, but none contain adware functionality," said Stefanko.
Slovak internet security company ESET identified 42 apps on Google Play as belonging to the campaign, which had been running since July 2018. Of those, 21 were still available at the time of discovery.
"We reported the apps to the Google security team and they were swiftly removed. However, the apps are still available in third-party app stores," said the researchers in a statement on Thursday.
Once launched, the "Ashas" adware family app sent "home" key data about the affected device: device type, OS version, language, number of installed apps, free storage space, battery status, whether the device is rooted and Developer mode enabled, and whether Facebook and FB Messenger are installed.
"The app receives configuration data from the command and control server (C&C) server, needed for displaying ads, and for stealth and resilience," said security researcher Lukas Stefanko.
Once a user installed an adware-infected app, the app will show full-screen ads on the device's display at intervals.
First, the malicious app tries to determine whether it is being tested by the Google Play security mechanism.
After dodging Google servers, the malicious app can set a custom delay between displaying ads. Based on the server response, the app can also hide its icon and create a shortcut instead.
"If a typical user tries to get rid of the malicious app, chances are that only the shortcut ends up getting removed. The app then continues to run in the background without the user's knowledge. This stealth technique has been gaining popularity among adware-related threats distributed via Google Play," the researchers noted.
According to the team, students at a Vietnamese university may be behind the malicious adware app.
"Due to poor privacy practices on the part of our culprit's university, we now know his date of birth, we know that he was a student and what university he attended. We retrieved his University ID; a quick googling showed some of his exam grades," said researchers.
"The malicious developer also has apps in Applea¿s App Store. Some of them are iOS versions of the ones removed from Google Play, but none contain adware functionality," said Stefanko.
3 hours ago
Vietnam boat accident: TN govt extends full support to victims and families
3 hours ago
Kerala couple among 15 Indians killed in Vietnam boat tragedy
4 hours ago
FIFA WC: 'Haaland is unstoppable in the box,' says Vieri ahead of Norway vs England quarterfinal
4 hours ago
FIFA WC: When and where to watch Argentina vs Switzerland, know all details
7 hours ago
Boat carrying Indian tourists capsizes in Vietnam, several killed
9 hours ago
Courtroom drama was on Kajal Aggarwal’s radar for a long time
9 hours ago
Television actor Rohit Chandel arrested for allegedly stalking, harassing a minor
9 hours ago
Matt Damon wants to collaborate with Shekhar Kapur
9 hours ago
India ranks 1st in milk production, 2nd in mobile, 3rd in auto globally: PM Modi in New Zealand
9 hours ago
Onion prices jump in Chennai as Maharashtra supply drops, traders warn of further rise
9 hours ago
FSSAI slaps Swiggy Instamart with 9 notices following consumer complaints
9 hours ago
Sabarimala Tantri designate opts out, cites ill health
9 hours ago
Correct script, pronunciation: Centre issues fresh guidelines for National Song, National Anthem
