There are many more of them in the “wild nature”
More than 60,000 Android apps disguised as genuine “honest” apps have installed adware on mobile devices without being noticed for the past six months. This was told in a recent report by the Romanian company Bitdefender, specializing in cybersecurity.
To date, Bitdefender has found 60,000 completely different samples (unique apps) containing adware, and we suspect many more exist in the wild.
According to experts, this campaign began in October 2022. Malware is distributed under the guise of security apps, game hacks, cheats, VPNs, Netflix, and various utilities. Applications are not hosted on Google Play, but on third-party websites that appear in Google searches and allow you to manually install the APK.
Tens of thousands of Android apps surreptitiously installed adware on smartphones
When an application is installed, it does not automatically start because it requires additional privileges. Instead, a standard Android process is launched with a suggestion to open the application after it is installed, with the expectation that the user will launch the application at least once.
When launched, the app displays an error message that says “The app is not available in your region. Click OK to delete.” However, in fact, the application is not deleted, but simply “sleeps” for two hours, after which its launch is activated when the screen is unlocked or the smartphone is rebooted. When launched, the application contacts the attackers’ servers and receives URLs for ads that will be displayed in a mobile browser or in full screen mode.
The attack mainly targets users in the US, followed by South Korea, Brazil, Germany, the UK and France.