The most popular of these, having 100k downloads each, are the following:
The 35 malicious Android applications have download counts ranging from 10,000 to 100,000, totaling over two million downloads. The malicious apps also feature heavy code obfuscation and encryption to thwart reverse engineering efforts, hiding the main Java payload inside two encrypted DEX files.Īnother method for the apps to hide from the user is to exclude themselves from the ‘Recent apps’ list, so even if they run in the background, exposing active processes won’t reveal them. In some cases, the apps assume the appearance of Motorola, Oppo, or Samsung system apps. The malware then launches the legitimate Settings menu to trick users into thinking they launched the correct app.įunction to launch system Settings (Bitdefender) If the user clicks on the icon, the app launches the malware app with a 0 size to hide from view. Hiding methodsĪs Bitdefender explains in the report, the adware apps implement multiple methods to hide on Android and even receive later updates to make it easier to hide on devices.Īfter installation, the apps typically assume a cog icon and rename themselves as ‘Settings,’ to evade detection and deletion. The apps were found by security researchers at Bitdefender, who employed a real-time behavior-based analysis method to discover the potentially malicious applications.įollowing standard tactics, the apps lure users into installing them by pretending to offer some specialized functionality but change their name and icon immediately after installation, making them difficult to find and uninstall.įrom then on, the malicious apps begin to serve intrusive advertisements to the users by abusing WebView, generating fraudulent impressions and ad revenue for their operators.Īdditionally, because these apps use their own framework to load the ads, it would likely be possible to drop additional payloads on a compromised device. A new batch of thirty-five malware Android apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims' mobile devices.
0 kommentar(er)
