Quiet. In this way, you always install the adware in the infected applications that you download on your mobile phone and that affects your device without your knowledge. The more than 60,000 infected apps that are being talked about to warn users have been infecting devices for half a year. And the problem is that there seem to be many more in the same situation.
A worrying discovery
The report released by Bitdefender, the company responsible for the antivirus of the same name, provides specific data on everything they’ve discovered over the past month. According to them, they assume that this adware attack started infecting Android applications in October last year 2022. Since then, it has not stopped growing and becoming a growing problem.
The cyber criminals behind the attack used various applications to embed the adware to have a better chance of reaching as many devices as possible. Therefore, they have not limited themselves to infecting applications that are usually more likely to contain viruses, such as B. game cracking apps or tools with various seemingly useful utilities, but have also camouflaged them in other types of downloads. Hence, it has also been hidden in many applications that copy popular tools like Netflix and are exposed to the public with the intention of tricking them into downloading it.
This is how infected apps behave
There are several aspects that lead us to suspect that you may have one of these applications installed. First of all, none of them are available on Google Play, but they are only distributed on third-party stores or websites via APK files. Once the app is downloaded and installed, the tool will ask for permissions as it would with perfectly legal applications.
However, they differ in two things: they don’t have an app icon, and the app tag is just a UTF-8 character. This raises the suspicion that many people may have been saved from infection because, after downloading, they suspected of being present on the mobile phone in this way. However, when it opens, infection occurs. You’ll see a message saying, “This app isn’t available in your region. Click OK to uninstall.
When the user presses the button, the application is not uninstalled. It remains hidden and dormant until two hours after performing the theoretical uninstallation, it starts configuring the adware in a way the user is unaware of. From that moment on, the app communicates with the attacker’s external server, causing ads to appear both in-browser and full-screen.
So far it has not been detected that the malware is used for other types of dangerous actions. However, Bitdefender says that due to its use for adware, the attackers could change their strategy and use the infection for other types of crimes. For example, this can happen when at some point the adware process is not as profitable for them as it was before. To avoid risks, Bitdefender makes it important to only install apps from Google Play.
The only good news is that according to Bitdefender, at the moment it is mostly users from the United States and South Korea that are affected, as you can see in the image we’ve attached and distributed by the antivirus company. However, we mustn’t downplay the 12.19% of Other Places because it’s possible that Spain is one of them.
