Adware is one of the most insidious threat to the mobile platform, this family of malicious code is used by threat actors to automatically display or downloads advertising material when a user is online. Adware represents a serious threat to the user privacy because some ad networks collect a huge quantity of personal information, including email address and phone numbers, data that could be sold in the underground or used for targeted attacks.
Security researchers at Avast, have discovered a new strain of adware on the official Google Play Store, and for this reason have infected millions of Android users.
The experts have pointed out three popular gaming apps deployed on the Google Play Store that were used to infect with the “adware” the unaware users.
The three malicious Android app are:
The three apps were offered for free in the Play Store and apparently they have been published by different developers, impressive the number of download they reached, the Durak card game app alone has 5 to 10 million installs, total of the three apps have achieved more than 15 Million installs. Once the victims have installed the malicious app on their mobile device, with the passage of time, users can see abnormal behavior and a degradation of the performance of the smartphone, which begins to provide reports of problems and the presence of alleged infections.
“Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie. You are then asked to take action, however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value. An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?” reads a blog post published by Avast.
Users could be redirected to malicious content managed by threat actors that could be used for financial scams (i.e. Sign up for a premium SMS service that user has no quested, installation of unwanted app).
In the specific case, users have been redirected to the Google Play store pages for legitimate security applications in order to restore normal operations of the smartphone.
“This kind of threat can be considered good social engineering,” states Avast.
Google has already removed the malicious Android apps from its Google Play store, of course the company banned the developers.
(Security Affairs – adware, Google Play store)