Tuesday, April 29, 2025
HomeAdware50 Malicious Android Apps Bypassed Google Play Protection and Infected 30 Million...

50 Malicious Android Apps Bypassed Google Play Protection and Infected 30 Million Android Users

Published on

SIEM as a Service

Follow Us on Google News

More than 50 malicious apps with more than 30 Million installations found on Google play, that display annoying ads and in some cases, it convinces the user to install other apps.

According to Avast, all the malicious apps are linked together using the third party Android libraries to bypasses background restrictions with the newer versions of Android.

These libraries referred to as “TsSdk” and it displays the more and more annoying ads which are against Play Store policy.

- Advertisement - Google News

Avast research found that the malicious apps were installed more than 30 million times from Google Play before it was removed.

50 Malicious Apps on Google Play

Two versions of adware spotted, the version A installed more than 3.6 million times. The adware included in following apps simple games, fitness, and photo editing apps.

These apps found mostly installed in India, Indonesia, Philippines, Pakistan, Bangladesh, and Nepal.

“Version A is not very well obfuscated and the adware SDK is easy to spot in the code. It is also the less prevalent of the two versions. Some variants of version A also contain code that downloads further applications, prompting the user to install them, ” reads Avast blog post.

version B of TsSdk installed nearly 28 million times, the adware includes fitness and music apps. These apps often downloaded in Philippines, India, Indonesia, Malaysia, Brazil, Nepal, and Great Britain.

Once installed it shows ads within the first hour of the installation and then at frequent intervals. For the first four hours, it shows full-screen ads and then randomly like 15 minutes, 30 minutes and 45 minutes once.

Version B doesn’t seem to work on Android version 8.0(Oreo), due to recent changes in background service management. Full list of the malicious app can be found here.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Hackers Deliver Banking Malware Through Password Protected ZIP File

Organized Cybercrime – Hacker Groups Work Together To Distribute Banking Malware Globally

Fileless Banking Malware Steals User Credentials, Outlook Contacts, and Installs Hacking Tool

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Blinded from Above: How Relentless Cyber-Attacks Are Knocking Satellites Out of Sight

According to the Center for Strategic & International Studies' (CSIS) 2025 Space Threat Assessment,...

Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions – Technical Details Revealed

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting...

Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds

Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from...

ResolverRAT Targets Healthcare and Pharmaceutical Sectors Through Sophisticated Phishing Attacks

A previously undocumented remote access trojan (RAT) named ResolverRAT has surfaced, specifically targeting healthcare...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Blinded from Above: How Relentless Cyber-Attacks Are Knocking Satellites Out of Sight

According to the Center for Strategic & International Studies' (CSIS) 2025 Space Threat Assessment,...

Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions – Technical Details Revealed

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting...

Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds

Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from...