Android advertising software hit the Google Play Store in the last two months



[ad_1]

The Google Play Store is not the impregnable fortress that Google wants to make others believe. Sometimes, malware slips.

Ransomware, banking Trojans, spyware, or SMS fraud have been successful in some cases, but the Google Play Store is usually the victim of adware in most cases.

Most of the security reports that you will read about the malware created on the Play Store are adware, which is nothing more than malicious apps that do not have any functionality or functionality. real object, apart from displaying intrusive ads and generating a profit for their developers.

In the past two months, there has been a resurgence of adware reports, thanks to the defenses of the Play Store, and being installed on users' computers.

ESET researcher discovers several advertising campaigns

Lukas Stefanko, security researcher at ESET, identified two campaigns in October[[[[1, 2], then two others in November[[[[1, 2]this year, two of them infecting at least half a million users.

The researcher found adware in applications that mimic popular games, children's apps, or instant messaging clients, to name just a few examples.

Stefanko is not, however, the only one to sound the alarm on Android applications infected with advertising software.

The explosive BuzzFeed report

Yesterday, in a presentation by BuzzFeed News, Kochava's mobile security researchers revealed the existence of similar features to those of an advertising software in eight extremely popular applications downloaded more than two billion times from from the Play Store.

The applications are Clean Master, CM File Manager, CM Launcher 3D, Master Security, Battery Doctor, CM Locker and Cheetah Keyboard. All were created by Cheetah Mobile, a Chinese application development company, and one of the largest app developers on the Play Store.

Google is still studying Kochava's results and only CM Locker was removed from the Play Store at the time of writing. In general, Cheetah Mobile will attack adware as an adware integrated in its applications and will keep its applications on the Play Store.

Trend Micro joins the group

In addition to the aforementioned reports, Trend Micro also discovered a new strain of Android advertising software, which it named FraudBot.

In a report released today, the cyber security firm says it has found seven Android apps available through the Play Store hosting FraudBot instances.

The seven apps represented legitimate voice mail platforms, but actually contained a code to open a mobile browser to load online survey pages, or pages loaded with ads, and then trigger events. programmed to imitate the users who record their ads.

Trend Micro researchers said the seven apps had been downloaded "one by one since October" on the Play Store via different developer accounts, but similarities in the source code of the adware suggest that they were coded by the same person or group.

The good news is that, unlike the cases reported by Stefanko and Kochava, Trend Micro detected this adware operation prior to its launch and only a small number of users had downloaded and installed adware infested applications.

Trend Micro said Google had removed the seven apps from the Play Store after receiving a report from its researchers, but they expect the FraudBot team to download new apps in the next few days or weeks. next weeks.

Related coverage:

[ad_2]
Source link