Over 60,000 android apps secretly installed adware for months, report claims

A recent investigation by Romanian cybersecurity firm Bitdefender has revealed that over 60,000 Android apps posing as legitimate applications, have been silently installing adware on mobile devices for the past six months without user knowledge.

Bitdefender's mobile security software, equipped with an anomaly detection feature, successfully identified the malicious apps last month. The cybersecurity firm has already discovered 60,000 unique samples of adware-infected apps and suspects that many more are circulating undetected.

The campaign is believed to have originated in October 2022 and employs various disguises, such as fake security software, game cracks, cheats, VPN software, Netflix and utility apps. These malicious apps are not hosted on Google Play but are instead distributed via third-party websites found in Google Search results, where users can download APKs (Android packages) to manually install apps.

Visiting these sites will lead to redirects to ad-filled websites or prompts to download the desired app. The download sites are purposefully designed to distribute adware-infected Android apps. Once installed, the apps do not configure themselves to run automatically but instead rely on the standard Android app installation flow, where users are prompted to manually open the app.

Detecting these malicious apps is challenging due to their lack of an icon and the presence of a UTF-8 character in the app's label. This hidden nature allows the app to remain dormant unless the user initiates it, resulting in potential invisibility.

Once launched, the app displays an error message claiming that the "application is unavailable in your region" and prompts the user to uninstall it. However, in reality, the app remains installed and becomes active after a two-hour delay or when specific triggers, such as device booting or unlocking, occur. The app then contacts the attackers' servers to fetch advertisement URLs, which are displayed in the mobile browser or as full-screen WebView ads.

Currently, the adware campaign is primarily focused on displaying advertisements, but researchers warn that threat actors could easily replace the adware URLs with more malicious websites, such as those hosting banking Trojans or ransomware.

Android devices are particularly vulnerable to malware due to the ability to install applications from outside the official Google Play Store, where apps undergo thorough inspection for malware. However, threat actors continue to evade detection, even on Google Play, leading to the broad distribution of malicious apps.

Recently, cybersecurity researchers from Dr. Web and CloudSEK discovered a spyware software development kit (SDK) installed on over 400 million Android devices from apps available on Google Play.

More from Business

  • Aviation sector contributes $4.1 trillion to global economy

    The UAE's Minister of Economy and Chairman of the General Civil Aviation Authority (GCAA), on Monday emphasised the aviation sector's critical role in the global economy, noting that it accounts for 12 to 13 per cent of GDP in some countries and supports millions of jobs worldwide.

  • Paris AI summit draws world leaders

    World leaders and technology executives are convening in Paris on Monday to discuss how to safely embrace artificial intelligence at a time of mounting resistance to red tape that businesses say stifles innovation.

  • 16% growth in new economic licences in Abu Dhabi during 2024

    The Abu Dhabi Registration and Licensing Authority (ADRA), which develops and regulates the business sector, on Monday revealed significant growth in business licences and compliance indicators in the Emirate's mainland and non-financial economic free zones during 2024.

  • DEWA updates billing on water consumption

    Dubai Electricity and Water Authority (DEWA) has announced that it will adopt the cubic metre as the standard unit for measuring water consumption starting from the March 2025 billing cycle.

  • UAE, Japan to complete CEPA by end of year

    The UAE Minister of State for Foreign Trade, Dr. Thani bin Ahmed Al Zeyoudi, has said negotiations for the Comprehensive Economic Partnership Agreement (CEPA) between the UAE and Japan will be completed before the end of 2025.