Thursday, July 18, 2024
EHA

17 Malicious Android Apps Discovered in Google Play Store that Infects 550,000 Android Devices

Researchers discovered 17 malicious Android apps from the Google play store that infects nearly 550,000 Android devices around the world.

These malicious app developers added features to hide their presence on the user’s device, and constantly display aggressive ads once the app gets installed on the victims android devices.

The adware programs will tend to serve unwanted advertisements on your mobile phone and computer. The adware can be included with some apps in a legitimate way to generate revenue.

Adware was a trending threat in 2019 and continuously evolving in 2020 especially targeting Android users, and it is a sweet spot for cybercriminals due to the over popularity of Android.

All the 17 nasty apps that discovered in Google play store installed 550,000 times in total, and these are found that it was bypassed the Google play protect and flying under the Google security radar.

Malicious Apps Activities

Researchers analysed one of the apps in the list, a racing simulator that offers in-app payments for extra in-game features.

The app randomly generates popup ads the user is not playing the game and hides for some time following the installation and the ads display pattern is very hard to recognize.

The app comes with the 2 component and the first component has the malicious code and the second component is an actual game.

According to the Bitdefender research, In terms of registered receivers, the first one is for android.intent.action.BOOT_COMPLETED. When the broadcast is received, the app will begin an activity, which starts a job scheduler for showing ads.  The scheduled service starts after 10 minutes and shows an ad only once.

Cybercriminals using modified Adware SDK to the randomness of ad occurrences and display time intervals.

In other versions, including versions that were at some point on Google Play, requests to the ad web sites also contain sensitive information about the user, such as phone model, IMEI, IP address, MAC address, and location information.

Mobile users are strongly recommended to install the security solution on their devices to identify the riskware and malware and other potentially malicious apps as well as phishing or fraudulent websites.

Also, Never download the apps from third-party app stores and research the app before installing it. Here you can find the best Adware Removal Tool to Block Annoying Ads.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Website

Latest articles

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...

Cybercriminals Exploit Attack on Donald Trump for Crypto Scams

Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet...

New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites

HTTP Request Smuggling is a flaw in web security that is derived from variations...

Volcano Demon Group Attacking Organizations With LukaLocker Ransomware

The Volcano Demon group has been discovered spreading a new ransomware called LukaLocker, which...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles