More than two million Android users have been tricked into installing a set of malicious, phishing, and advertising apps via the Google Play store.
Dr. Web antivirus discovered that these apps were disguised as essential utilities and system optimizer tools. But, in reality, these apps are not utility tools, as they are malware disguised as legitimate apps as we hinted earlier.
The TubeBox app is exemplified by Dr. Web as one of the apps that have reached one million downloads in the Google Play Store in a short amount of time.
However, at the moment this app has been removed from the Google Play Store. While there seemed to be a noticeable rise in the number of banking trojans and apps that permit users to be spied on.
Watching videos and ads on TubeBox provides users with the opportunity to earn money. But, when it came to redeeming the rewards collected by the user, it presented various errors, as if the system had failed to deliver on its promises.
Other Adware Apps Detected
Here below we have mentioned the other adware apps that were detected by the antivirus company, Dr. Web:-
- App name: Bluetooth device auto-connect
- Publisher: bt auto-connect group
- Downloads: 1,000,000 downloads
- App name: Bluetooth & Wi-Fi & USB driver
- Publisher: simple things for everyone)
- Downloads: 100,000 downloads
- App name: Volume, Music Equalizer
- Publisher: bt autoconnect group)
- Downloads: 50,000 downloads
- App name: Fast Cleaner & Cooling Master
- Publisher: Hippo VPN LLC
- Downloads: 500 downloads
In order to load the websites that are specified by the threat actors in these commands, these malicious apps receive commands from Firebase Cloud Messaging. As a result, on infected devices, all these malicious apps generate deceitful ad impressions in an attempt to make monetary gains.
Interestingly, one of the remote operators was even able to configure an infected device to act as a proxy server in the case of Fast Cleaner & Cooling Master, which had a low number of downloads.
This enables threat actors to direct their illicit traffic via devices that are infected, and this complete mechanism is accomplished with the help of the proxy server that was created by the threat actors.
Loan Scam Apps
A set of loan scam applications was also discovered by Dr. Web, claiming to be affiliated with the following organizations:-
- Russian banks
- Investment groups
The average number of downloads on Google Play for each of the apps was 10,000. Here below we have mentioned the names of some of those apps:-
- Против санкций всей страной (The entire country against sanctions)
- Дарим 10 акций бесплатно (We grand 10 free shares)
- Заработайте уже во время обучения (Earn while you still learning)
- Я дам вам 100 000 USD, если вы не станете миллионером за 6 месяцев (I will give you 100 000 USD if you are not a millionaire in 6 months)
As a result of malvertizing advertisements in other apps, these apps were marketed as investment apps that were supposed to offer guaranteed profits. As a matter of fact, the apps redirect users to phishing websites that collect personal information from them.
Recommendations
You should always check the following things when downloading apps from Google Play to protect yourself from downloading malicious apps:-
- Always check for negative reviews.
- Make sure to scrutinize the privacy policy.
- Evaluate the authenticity of the developer by visiting the developer’s site.
- Make sure that your device has a minimum number of apps installed on it.
- The Play Protect feature of Google’s Play Store must be enabled in order for it to function properly.
Managed DDoS Attack Protection for Applications – Download Free Guide