June 12 (Portaltic/EP) –
Cybersecurity researchers have discovered a malware campaign that aggressively pushes malicious ads on Android devices to generate income and that operates hidden on devices around the world, affecting up to 60,000 applications.
‘Adware’ is a form of ad-based malware that is embedded in applications and allows the developer to offer products to the public for free while, in return, being paid by an advertising company.
These advertisements can be presented as pop-ups or as images and videos. On the surface they do not pose a problem but, as cybersecurity experts warn, behind these ads there may be a suspicious program that monitors user activity or establishes a pattern of browsing habits.
Therefore, ‘adware’ can be dangerous, as it can be used as spyware or another type of ‘malware’, easily infecting devices by installing advertising-supported software via free applications.
In this context, researchers from the cybersecurity company Bitdefender have discovered a new global ‘malware’ campaign that “aggressively” pushes ‘adware’ stealthily onto Android devices and that has been active for a prolonged period, more than six months, possibly due to the lack of behavior-based detection capabilities in Android.
As the researchers have analyzed and shared in a statement, this campaign has the goal of generating income. However, malicious actors can also use it to redirect users to “other types of malware”, such as banking trojans to steal credentials or ‘ransomware’.
The campaign has spread globally, and around 60,000 unique applications containing ‘adware’ have been discovered. However, Bitdefender has warned that there are likely many more applications with ‘adware’ in circulation.
The researchers point out that these applications are not found in any official store, so the cybercriminals have to persuade users to download and install them from third parties. To do so, they mimic real apps published on the Play Store, Google's store.
Some examples, as Bitdefender has pointed out, are free VPN, Netflix, rogue security programs and games with unlocked features. In fact, modded apps are usually original apps with all of their features unlocked or with changes to the initial programming.
Regarding how the ads are displayed, once the user unlocks the phone, the fake app gets an ‘adware’ URL from the server and loads the ad through the mobile browser. It also uses ‘adware’ libraries to display a full-screen ad.
The research has also found that the cybercriminals are able to bypass a mechanism included by Google to prevent application icons from being hidden on the home screen. Since API 30, Google has removed the ability to hide the app icon in Android once a launcher is registered.
Thus, to get around this measure, the malicious actors prevent the app from registering any launcher, and it relies solely on the user and Android’s default installation behavior to run for the first time.
The lack of an icon makes this ‘app’ and the ‘adware’ more difficult to detect and, therefore, to uninstall. In addition, once installed, the application opens automatically and shows an error indicating that it has not been installed correctly, leading the user to believe that it was a mistake and that they do not have the ‘app’.
As a result, the user will only be able to remove the fake app from the Android app manager in the Settings app.
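Because these apps register no launcher and come from outside the official store, both traits can be checked from a computer with `adb`. The script below is an added example, not part of the original article or of Bitdefender's tooling; it assumes the output format of the two commands named in its comments, treats only `com.android.vending` as a trusted installer, and uses constructed package names as sample data.

```shell
#!/bin/sh
# Added example: list sideloaded Android packages that register no launcher
# activity (installed, but no home-screen icon). Assumed inputs, saved to files:
#   adb shell pm list packages -3 -i
#   adb shell cmd package query-activities --brief \
#       -a android.intent.action.MAIN -c android.intent.category.LAUNCHER

# Installers treated as official stores (assumption; adjust for your fleet).
TRUSTED_INSTALLERS="com.android.vending"

# launcher_packages FILE: unique package names from "pkg/.Activity" lines.
launcher_packages() {
    sed -n 's|^[[:space:]]*\([A-Za-z0-9_.]*\)/[^[:space:]]*$|\1|p' "$1" | sort -u
}

# find_iconless PKG_FILE LAUNCHER_FILE: print "package installer" for every
# third-party package with no launcher activity and no trusted installer.
find_iconless() {
    launchers=$(launcher_packages "$2")
    while IFS= read -r line; do
        case "$line" in package:*) ;; *) continue ;; esac
        pkg=${line#package:}; pkg=${pkg%% *}
        installer=${line##*installer=}
        [ "$installer" = "$line" ] && installer=null   # no installer field
        printf '%s\n' "$launchers" | grep -qxF "$pkg" && continue  # has icon
        case " $TRUSTED_INSTALLERS " in *" $installer "*) continue ;; esac
        printf '%s %s\n' "$pkg" "$installer"
    done < "$1"
}

# demo_constructed: run the check on constructed sample output (no device).
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/pkgs" <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.game.mod  installer=null
package:com.example.freevpn  installer=null
package:com.example.corpagent  installer=com.android.vending
EOF
    cat > "$tmp/launchers" <<'EOF'
2 activities found:
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.example.notes/.MainActivity
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=false
  com.example.game.mod/.Launcher
EOF
    find_iconless "$tmp/pkgs" "$tmp/launchers"
    rm -rf "$tmp"
}
```

An app without a launcher entry is not malicious by itself (keyboards, plug-ins and background services also lack one), so the output is a list of packages to review in the Android app manager, not a verdict.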
This ‘adware’ campaign was identified by Bitdefender researchers thanks to an anomaly detection technology within the Bitdefender Mobile Security service. According to the recorded data, the campaign has been identified mainly in the United States, which accounts for 55.27 percent of the cases.