Tuesday, October 8, 2024
HomeAdware50 Malicious Android Apps Bypassed Google Play Protection and Infected 30 Million...

50 Malicious Android Apps Bypassed Google Play Protection and Infected 30 Million Android Users

Published on

More than 50 malicious apps with more than 30 Million installations found on Google play, that display annoying ads and in some cases, it convinces the user to install other apps.

According to Avast, all the malicious apps are linked together using the third party Android libraries to bypasses background restrictions with the newer versions of Android.

These libraries referred to as “TsSdk” and it displays the more and more annoying ads which are against Play Store policy.

- Advertisement - EHA

Avast research found that the malicious apps were installed more than 30 million times from Google Play before it was removed.

50 Malicious Apps on Google Play

Two versions of adware spotted, the version A installed more than 3.6 million times. The adware included in following apps simple games, fitness, and photo editing apps.

These apps found mostly installed in India, Indonesia, Philippines, Pakistan, Bangladesh, and Nepal.

“Version A is not very well obfuscated and the adware SDK is easy to spot in the code. It is also the less prevalent of the two versions. Some variants of version A also contain code that downloads further applications, prompting the user to install them, ” reads Avast blog post.

version B of TsSdk installed nearly 28 million times, the adware includes fitness and music apps. These apps often downloaded in Philippines, India, Indonesia, Malaysia, Brazil, Nepal, and Great Britain.

Once installed it shows ads within the first hour of the installation and then at frequent intervals. For the first four hours, it shows full-screen ads and then randomly like 15 minutes, 30 minutes and 45 minutes once.

Version B doesn’t seem to work on Android version 8.0(Oreo), due to recent changes in background service management. Full list of the malicious app can be found here.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Hackers Deliver Banking Malware Through Password Protected ZIP File

Organized Cybercrime – Hacker Groups Work Together To Distribute Banking Malware Globally

Fileless Banking Malware Steals User Credentials, Outlook Contacts, and Installs Hacking Tool

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined...

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day...

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

The Awaken Likho APT group launched a new campaign in June of 2024 with...

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...