Android: How malicious Android apps are generating revenue for hackers – Times of India
According to a report by the Romanian cybersecurity firm Bitdefender, these malicious apps were spotted by an anomaly detection feature that was added to the Bitdefender Mobile Security software last month.
“To date, Bitdefender has discovered 60,000 completely different samples (unique apps) carrying the adware and we suspect there is much more in the wild,” the cybersecurity firm warned.
As per the report, the campaign likely started in October 2022 and was distributed as fake security software, game cracks, cheats, VPN software, Netflix and utility apps on third-party sites. The malware campaign primarily targeted users in the US, South Korea, Brazil, Germany, the UK and France.
How apps are targeting users
These malicious apps weren’t available on Google Play and had been spread through third-party websites. These sites pop up in Google Search results and push users to download and install APKs (Android packages).
When users visit the sites, they are either redirected to websites showing ads or are asked to download the app they are searching for. These websites are designed specifically to distribute malicious Android apps, and as users install these spiked apps, they infect the Android devices with adware.
These apps do not have the additional privileges to configure themselves to run automatically after they get installed. Rather, they are dependent on the normal Android app installation flow. This process asks users to ‘Open’ an app after it is installed.
Moreover, these apps also don’t use an icon and have a UTF-8 character in the app’s label. This makes these apps harder to spot. However, this has both pros and cons as it also means if a user does not start the app after it’s installed, it likely won’t be launched at all.
How these apps are affecting devices
When launched, these apps display an error message which states that the “Application is unavailable in your region. Tap OK to uninstall.” In reality, the app doesn’t get uninstalled but simply sleeps for a couple of hours before registering two ‘intents’. This causes the app to launch when the device is booted or when the device is unlocked.
Bitdefender claims that to evade detection by the user, the latter intent is likely to be disabled for the first two days.
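The traits described above (no icon, a hard-to-read label, and launch on boot or unlock) can be checked when triaging a sideloaded APK. The following is an added example, not code from Bitdefender or from the article. It assumes the manifest has already been decoded to XML, that the label is a literal made of non-printing characters, and that the two intents are declared as manifest receivers for the standard `BOOT_COMPLETED` and `USER_PRESENT` actions. The sample manifest is constructed.

```python
import unicodedata
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android broadcast actions for "device booted" and "device unlocked".
WAKE_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED": "starts on boot",
    "android.intent.action.USER_PRESENT": "starts on unlock",
}

# Constructed sample: a decoded AndroidManifest.xml (assumed input format).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:label="&#8203;">
    <receiver android:name=".Wake">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def label_is_invisible(label):
    """True if a literal label has no visible character (blank, control, format, separator)."""
    if label is None or label.startswith("@"):  # resource reference: not resolved here
        return False
    return all(unicodedata.category(ch)[0] in "CZ" for ch in label)

def triage_manifest(xml_text):
    """Return findings that match the traits described in the article."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    if app.get(ANDROID + "icon") is None:
        findings.append("no icon declared")
    if label_is_invisible(app.get(ANDROID + "label")):
        findings.append("label has no visible characters")
    for action in app.findall("./receiver/intent-filter/action"):
        note = WAKE_ACTIONS.get(action.get(ANDROID + "name"))
        if note and note not in findings:
            findings.append(note)
    return findings

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Each finding alone is common in legitimate apps; it is the combination on an app installed from outside Google Play that merits a closer look.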
As users launch the app, it contacts the attackers’ servers and retrieves advertisement URLs to be displayed. These ads are either displayed in the mobile browser or as a full-screen WebView ad.
Currently, these malicious apps are only being used to display advertisements, but researchers have warned that the attackers can swap out the adware URLs for more malicious websites.
“Upon analysis, the campaign is designed to aggressively push adware to Android devices to drive revenue. However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking Trojans to steal credentials and financial information or ransomware,” Bitdefender warned.
How to safeguard
Though there have been reports about the presence of malicious apps on Google Play Store, Android smartphone users are advised not to install apps from third-party sources as they are a common space for spreading malware.