ESET researchers discovered an adware campaign that ran on Google Play for about a year and accumulated eight million downloads. ESET detects the malware family as Android/AdDisplay.Ashas.
The researchers managed to identify the developer of the malicious software and to discover further adware-laden applications. "We found 42 apps on Google Play belonging to this adware campaign, 21 of which were still in the store during the discovery period. The Google security team removed them all based on our report. However, they are still available in third-party app stores," says Lukáš Štefanko, ESET's malware researcher.
The applications act as adware while also providing the functionality they promise: video downloads, games and radio, among others. "The functionality of the adware is the same in all the applications we analyzed," says Štefanko.
The apps use several tricks to stay on users' devices while remaining unnoticed: they check for the Google Play security testing engine, delay displaying ads for quite a while after the device is unlocked, and hide their icons while creating shortcuts for them.
The adware's ads are displayed in full screen. If the user wants to check which app is responsible for the ad's appearance, the app mimics Facebook or Google. "Adware copies these two applications to look authentic and not arouse suspicion – and thus remains on the device as long as possible," explains Štefanko.
While analyzing the applications, ESET researchers found that the developer had left behind many traces. Using open-source information, they tracked him down and established that he owned the C&C server and was responsible for the campaign. Štefanko notes that "the identification of the developer arose as we sought further malware and campaigns."