Researchers at the ESET security company have discovered an adware campaign (program that automatically shows unwanted or misleading advertising) that ran for about a year with 42 applications involved.
These had more than 8 million downloads until they were removed from the Google Play platform.
Have a smartphone to unlock?
“We identified 42 applications on Google Play as belonging to the campaign, which had been running since July 2018. Of these, 21 were still available at the time of the discovery,” Lukas Stefanko, an ESET researcher said in a statement.
Stefanko says that although Google’s security team quickly removed the applications, they are still available in third-party stores.
In addition to functioning as ‘malware’ (harmful type of ‘software’ usually intended to access a device without the user’s knowledge), the applications provide the promised functionality such as FM Radio, video downloader or games.
The operation of this ‘malware’ is to show full screen ads at semi-random intervals, and in the background, send data from the user’s device.
ESET also warns that applications that contain this hidden ‘malware‘ should be considered unreliable.
Damage that could be caused by ‘malware’:
- Annoy users with intrusive ads, they can also be fraudulent
- Waste device battery resources
- Generate more network traffic
- Collect personal information from users
- Hide your presence on the affected device to achieve persistence
- Generate revenue for your operator without user interaction
The security company was able to track the ‘malware’ to the creator, a Vietnamese university student, who by not hiding his identity, the researchers were able to find his personal accounts on Facebook, GitHub and YouTube.