It was revealed that more than 60,000 applications for the Android platform disguised as legitimate products secretly installed adware on devices in the last six months and went unnoticed. The Romanian company Bitdefender, which works in the field of information security, managed to detect them and last month it introduced a new anomaly detection feature in its Bitdefender Mobile Security antivirus.
“To date, Bitdefender has detected 60,000 completely different samples (unique apps) containing adware, and we suspect there are many more in reality.”said Bitdefender in a post.
It is understood that a large-scale campaign to distribute fake applications that secretly download adware onto user devices started in October last year. Experts have noticed that such software most often impersonates antivirus applications, game hacking utilities, VPN clients, various utilities, etc. This software is mainly aimed at users from USA as well as South Korea, Brazil, Germany, UK UK and France.
As part of this campaign, fake apps are distributed via third-party websites rather than the official digital content store Google Play Store. Once such an application is installed on the user’s device, it will not be launched automatically as it requires additional permissions. Instead, it aims to ensure that the user runs the installed application at least once.
When launching the application, an error message appears: “The application is not available in your region.” Click “OK” to delete it.” Instead, however, a function is activated that allows the application to start at device boot or at unlock the screen. What is strange is that it does not start working immediately, but only after a few hours. Of course, this is done so that the user does not suspect that a recently installed and, according to him, deleted application appeared in advertising content. Once activated, the application connects to a server controlled by the attackers and from there receives links for subsequent display of advertising messages in full-screen mode.
Although currently fake apps are used to display advertisements, these can easily be replaced with malicious websites that are not safe to visit. Experts advise users to refuse installation of applications from third-party sources to reduce the risk of device malware infection.