Security researchers have discovered a large adware campaign whose apps were installed on
eight million users' Android devices from Google Play alone. Slovak cybersecurity company
ESET has identified 42 apps on Google Play as belonging to the campaign, which has been
running since July 2018. At the time of discovery, 21 of them were available.
"We complained to the Google security team about the app, which was quickly removed.
However, the processors (app) are still available in third-party app stores," the researchers
said in a statement on Thursday.
Once launched, an app from the "Ashas" adware family sends "home" sensitive data about the
affected device: the device type, OS version, language, number of installed apps, free
storage space, battery status, whether the device is rooted and developer mode is enabled,
and whether Facebook and FB Messenger are installed.
"The processor receives configuration data from the command and control (C&C)
server, which is required for displaying advertisements, stealing and lagging," said security
researcher Lukas Stefanko.
Once a user has installed an adware-infected app, the app displays full-screen
ads on the device's display.
First, it tries to determine if the malicious app is being tested by the Google Play security
mechanism.
After hitting Google servers, the malicious app sets a custom delay between displaying
ads.
Depending on the server response, the app can hide its icon and create a shortcut
instead.
"If a typical user tries to get rid of a malicious app, there is only a shortcut that can be
removed. Afterward, the processor continues to run in the background without users
realizing it," the researcher said.
According to the report, Vietnamese university students seem to be behind a malicious
adware app.
"Our criminal university, due to poor privacy practices, now we know his date of birth, he is a
student and we know what university he is attending. We retrieved his university ID; quick
Google showed him some of his choice criteria," the researchers said.
Stefanko said, "The malicious developer has malicious developer apps on the Apple App Store. Some of them are iOS versions of Google Play removed, but none have an adware function."