Security researchers have unearthed a massive, year-long adware campaign in which apps from Google Play were installed eight million times on users’ Android devices. Slovak internet security company ESET identified 42 apps on Google Play related to the campaign, which had been running since July 2018. 21 of them were still available at the time of discovery.
“We reported the apps to the Google security team and they were swiftly removed. However, the apps are still available in third-party app stores,” the researchers said in a statement on Thursday.
Once launched, an app from the “Asha” adware family sends “home” key data about the affected device: device type, OS version, language, number of installed applications, free storage space, battery status, whether the device is rooted and developer mode is enabled, and whether Facebook and FB Messenger are installed.
Security researcher Lukas Stefanko said, “The application receives configuration data from the command and control (C&C) server, which is required to display advertisements, and for stealth and flexibility.”
Once a user installs an adware-infected app, it shows full-screen ads on the device’s display.
First, the malicious app tries to determine if it is being tested by the Google Play security mechanism.
After evading Google’s checks, the malicious app can set a custom delay between displaying ads. Depending on the server’s response, the app can also hide its icon and create a shortcut instead.
“If a normal user tries to get rid of a malicious app, there is a possibility that only the shortcut gets removed. The app then runs in the background without the user’s knowledge. This stealth technique is gaining popularity among adware-related threats distributed through Google Play,” the researchers said.
According to the team, students at a Vietnamese university may be behind the malicious adware app.
“Due to poor privacy practices on behalf of our delinquent’s university, we now know his date of birth, we know he was a student and which university he attended. We retrieved his university ID; a quick googling showed some of his examinations,” the researchers said.
“Malicious developers also have apps in the Apple App Store. Some of them are iOS versions removed from Google Play, but none have adware functionality.”