Security researchers from London found that malicious apps have been installed in 8 million Android devices from Google play store itself through
massive year-long adware campaign.
Slovak internet security company ESET found 42 apps on Google play are belonging to this campaign which is running from July 2018. Out of these apps 21 apps are still available from the time of discovery.
How this adware works?
Once landed, “Ashas” adware app send the configuration details like Device type, language, battery status, apps installed, available memory, root status, FB installation status and much more of the affected device. With these details ads will start showing up at regular intervals.
These adware app, first check whether it has been tested by play services. Then after, hijacking the Google servers it start showing ads at intermittent intervals based on server response time.
This adwares are smart enough to hide themselves from installed apps instead it creates only shortcuts. Even when the user deletes it will be only the shortcut not the app itself.
Suspect behind the scene:
As researchers suspected, app developer would have been from Vietnamese University.
Researchers stated that “Due to poor privacy practices on the part of our culprit’s university, we now know his date of birth, we know that he was a student and what university he attended. We retrieved his University ID; a quick googling showed some of his exam grades”.
“The malicious developer also has apps in Apple’s App Store. Some of them are iOS versions of the ones removed from Google Play, but none contain adware functionality,” said Stefanko.
Thanks for reading! It’s time to click on share button now.