Sunday, October 6, 2024
HomeAdwareBeware!! Top Android VPN's with 500 Million+ Installs Pushing Adware to Android...

Beware!! Top Android VPN’s with 500 Million+ Installs Pushing Adware to Android Users

Published on

The researcher discovered a four most popular VPN for Android that installed over 500 million users committing ad fraud and pushing unusual ads in users device to generate revenue.

The four most popular Android VPN’s are HotSpot VPN, Free VPN Master, Secure VPN, CM SecurityApplock AntiVirus that are pushing the pop up ads even when the apps are running in the device background and also generates frequent HTTP request which overheats the phone and drain battery.

There are several adware incidents reported in the past few months, and it’s rapidly growing to exclusively target the Android users to generate millions of dollars revenue.

- Advertisement - EHA

VPN products are used by hundreds of millions of users around the globe to ensure users privacy while roaming on the internet. At the same time, some VPN companies that are listed above are taking advantage of the user’s device accessibility and gain more fraudulent benefits.

A Total of 500,000,000+ downloads are recorded in Play Store. All these 4 apps contain a code that indicates how ad frauds are usually behaving. There is no surprise that the app developers are from China.

Adware Behavior of 4 VPN Apps

Hotspot VPN 

A quite famous VPN with the name of Hotspot VPN – Free Unlimited Fast Proxy VPN caught for using the advertisement API from Google with Identified packages and code which “indicated adware” during the analysis that “they” can show advertisements anytime it wants.

During its malicious behavior, it was accessing the various websites as following.

  • adlog.flurry.com
  • ads.mopub.com
  • conf.daydayup.today
  • doc.app.unitemagic.com
  • fv.app.unitemagic.com
  • play.google.com
  • www.example.com
  • www.facebook.com
  • www.google.com
  • www.yahoo.com
  • adlog.flurry.com
  • csi.gstatic.com/csi
  • imasdk.googleapis.com
  • pagead2.googlesyndication.com
  • twitter.com
  • www.mopub.com

It was filling the complete screen of the phone even when the application was running in the background.

Free VPN Master 

This VPN is advertised with the name of Unlimited Free & Super VPN Proxy. It aggressively pops up the ads over the various apps including Whatsapp, chrome, and more.

According to Andy Michael from VPN Testing,  slight modifications in the name of packages in order to get a different hash for both apks due to the fact that once they were reversed they had the same code and were obfuscated with the same tool. 

Secure VPN

This VPN advertised with the name of Unlimited Free & Super VPN Proxy and it aggressively pop up the apps over the various apps including Whatsapp, chrome, and more.

Researchers found the list of classes that manage the process of getting and showing ads which considers events, the render of the Ad, the request and how to show the Ad.

Security Master by Cheetah Mobile

With the name of App Lock & AntiVirus, the VPN Security Master is prompt the unwanted ad even if the app working in background and trick user to click on it to generate revenue.

VPN Security Master is promoting ads that were found from ad services such as AirBnB, Facebook GitHub, Google, unity3d, and others.

You can find the complete analysis here.

“This application takes it a step further. Instead of constantly showing the ads the app leverages its enormous user base and intrudes less often and randomly (See figure 2. byte code). It uses a more sophisticated approach by popping up the app instead and showing the ads immediately after you try to get back to the home screen.” Andy concluded.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

6 Best Ad Blockers for Android Devices in 2024 to Stop Annoying Ads

Ad-blocking software is one of the most convenient types of software available, helping users...

How does an ad blocker apk work & How does it protect your information?

Did you know that the average Internet user sees about 7,000 advertisements per day?...

Beware!! New Ad-Blocking Chrome Extension That Injects Malicious Ads

A new malicious browser extension, known as AllBlock has been detected to be injecting...