Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Targeting Android Devices


June 06, 2023 | Ravie Lakshmanan | Mobile Security / Malvertising

Thousands of adware apps for Android have been found masquerading as cracks or modified versions of popular apps in order to redirect users and serve them unwanted advertisements, as part of a campaign that has been running since October 2022.

“This campaign is designed to aggressively push adware to Android devices with the aim of driving revenue,” said Bitdefender in a technical report shared with The Hacker News. “However, the threat actors involved can easily change tactics to redirect users to other types of malware such as banking Trojans to steal credentials and financial information or ransomware.”

The Romanian cybersecurity firm says it has found 60,000 unique apps carrying adware, with most of the detections located in the US, South Korea, Brazil, Germany, UK, France, Kazakhstan, Romania and Italy.


Notably, none of the apps are distributed via the official Google Play Store. Instead, users who look up apps such as Netflix, PDF viewers, security software, and cracked versions of YouTube in search engines are redirected to advertisement pages hosting malware.

Once installed, the application has no icon or name, in order to avoid detection. What’s more, users who launch the app for the first time after installation are shown the message “The app is not available in your area from where the app works. Tap OK to uninstall”, while the app silently activates its malicious activity in the background.

The modus operandi is also notable: the adware remains dormant for the first few days, after which it awakens when the victim unlocks the phone and serves full-screen ads using Android WebView.

The findings come as cybersecurity firm CloudSEK disclosed that it has identified the rogue SpinOk SDK, which was revealed by Doctor Web last month, in 193 apps in the Google Play Store that have been downloaded 30 million times.



On the surface, the SpinOk module is designed to maintain user interest in the app with the help of mini-games and tasks to win supposed prizes. Under the hood, however, the trojan has functions to steal files and replace clipboard content.

In a related development, the SonicWall Capture Labs threat research team also discovered another type of Android malware that mimics legitimate applications to retrieve various information from compromised handsets by abusing the operating system’s accessibility services.

“These features allow attackers to access and steal valuable information from victims’ devices, which can lead to various types of fraud, including financial fraud, and identity theft,” SonicWall said.
