Her researchers ESET discovered a campaign with eight million downloads adware, which existed in Google Play for about a year.
Η malware family is detected as Android / AdDisplay.Ashas by ESET. The team of researchers managed to locate the malware developer and discover other applications full of adware.
«We found 42 Google Play applications in this adware campaign, 21 of which were still in store at the time of their discovery. Google's security team removed them all based on our report. However, they are still available in third-party application storesSays Lukáš ftefanko, ESET malware researcher.
The applications act as adware and at the same time offer the functionality they promise - video, game and radio download, among others. "The functionality of adware is the same in all the applications we analyzed," says Štefanko.
Apps use enough tricks to install on users' devices while remaining invisible: they look for the Google Play security test mechanism, they delay displaying ads long after the device is unlocked, and they hide icons while creating shortcuts for them.
Adware ads appear in full screen. If the user wants to control which application is responsible for the display of the ad, the application imitates Facebook or Google. «Adware copies these two applications to make them look authentic and not suspicious - so it stays on the device as long as possible", Štefanko explains.
Another interesting fact is that the Ashas adware family has hidden its password under the package name com.google.xxx. "It appears to be a genuine Google service, so it can evade control. "Wanting to save resources, some crawlers and sandboxes can whitelist such packet names," Štefanko explains.
During the analysis of the applications, the ESET researchers found that the developer left behind many traces. Using open source information, they located him and identified that he owned the C&C server and that he was responsible for the campaign. Štefanko notes that "the identity of the developer came to light while we were looking for further malicious programs and campaigns"
Although adware is not as harmful as other forms of malware, the fact that it can easily penetrate the official Android App Store is worrying. "Users should protect their devices by following basic cyber security principles and using a reliable security solution," recommends ESET Štefanko.
[the_ad_group id = ”966 ″]
ΜDo not forget to join (register) in our forum, which can be done very easily by the following button…
(If you already have an account in our forum you do not need to follow the registration link)
Follow us on Telegram!
