Google just took down 224 malicious apps with 38 million installs from the Play Store — how to stay safe

Bad apps can be hiding in the place you least expect and that’s exactly what happened with 224 malicious apps that were recently removed from the Google Play Store following the discovery of a massive ad fraud campaign.
As reported by BleepingComputer, the campaign itself was discovered by Human’s Satori Threat Intelligence team which revealed in a new report that these apps had over 38 million downloads in total. However, it was the advanced tricks and obfuscation techniques they used to bypass Google’s defenses that really stood out.
Here’s everything you need to know about this new ad fraud campaign including what to do if you did download one of the apps in question along with some tips and tricks to help keep your Android phone safe from adware apps.
From legitimate to malicious in an instant
In order to avoid being detected by Google’s app review process and Android’s built-in security software, the scammers behind this new ad fraud campaign went to great lengths.
For instance, if an Android user installed one of these so-called SlopAd apps directly through the Play Store of their own accord, the app would act as it normally would once installed. However, if they stumbled upon one of these apps after clicking through from the scammers’ various ad campaigns, the app would become malicious after installation.
Once the SlopAds app ran the necessary checks to see whether or not it was installed via the Play Store, it would then download an encrypted configuration file that contained links to the scammers’ ad fraud malware module, cashout servers and a JavaScript payload. From there, the app would run one final check to make sure it was installed on a legitimate Android user’s device and not being analyzed by a researcher or software before proceeding.
Now this is where things get interesting. These SlopAd apps would download four PNG images that look harmless at first glance. However, they actually use steganography to hide pieces of a malicious APK or installation file which is the driving force behind this ad fraud campaign.
After being downloaded, the images are decrypted and then reassembled on a targeted device to form the FatModule malware. Once activated, it uses hidden WebViews to collect device and browser information as well as to navigate to scammer-controlled domains which are used to cash out all of this fake ad revenue generated by these SlopAd apps.
The domains themselves impersonated videogame and news sites while continuously serving hidden WebView screens. This generated over two billion fraudulent ad impressions and clicks each day which brought in quite a lot of money for the scammers.
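The four PNG images described above carry encrypted pieces of an APK, but the article does not say how the bytes are embedded. As an added example (not code from Human's report or from the apps), this Python triage script assumes container-level hiding, meaning data appended after the IEND chunk or stored in a non-standard chunk, and reports both along with their entropy. The sample files and the `stEg` chunk name are constructed here.

```python
import math
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Registered still-image chunk types; any other type is flagged for review.
STANDARD = set(b"IHDR PLTE IDAT IEND tRNS gAMA cHRM sRGB iCCP tEXt zTXt iTXt "
               b"bKGD pHYs sBIT sPLT hIST tIME eXIf".split())

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    counts = [data.count(v) for v in range(256)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def triage_png(blob):
    """Return findings about bytes a PNG carries outside its image chunks."""
    if not blob.startswith(PNG_SIG):
        return ["bad PNG signature"]
    findings, pos, ended = [], len(PNG_SIG), False
    while not ended and pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            return findings + [f"chunk {ctype!r} runs past end of file"]
        data = blob[pos + 8:end - 4]
        if zlib.crc32(ctype + data) != struct.unpack(">I", blob[end - 4:end])[0]:
            findings.append(f"chunk {ctype!r} has a bad CRC")
        if ctype not in STANDARD:
            findings.append(f"non-standard chunk {ctype!r}: {length} bytes, "
                            f"entropy {entropy(data):.2f}")
        ended, pos = (ctype == b"IEND"), end
    if not ended:
        findings.append("no IEND chunk")
    elif pos < len(blob):
        findings.append(f"{len(blob) - pos} bytes after IEND, "
                        f"entropy {entropy(blob[pos:]):.2f}")
    return findings

def chunk(ctype, data):
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))

# Constructed samples: a 1x1 grayscale PNG and two copies carrying extra bytes.
HEAD = PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
TAIL = chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
FILLER = bytes(range(256)) * 4           # stand-in for an encrypted fragment
CLEAN, TRAILING = HEAD + TAIL, HEAD + TAIL + FILLER
EXTRA_CHUNK = HEAD + chunk(b"stEg", FILLER) + TAIL   # hypothetical chunk name
for name, blob in (("clean", CLEAN), ("trailing", TRAILING), ("extra", EXTRA_CHUNK)):
    print(name, triage_png(blob))
```

Pixel-level embedding leaves the chunk structure intact, so an empty result from this check does not rule it out.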
How to stay safe from ad fraud apps
Although Human’s Satori Threat Intelligence team hasn’t released the full list of these 224 SlopAd apps, they’ve all been taken down from the Google Play Store. Likewise, if you accidentally downloaded one, you don’t need to worry about tracking it down on your own. This is because Google has updated Android’s built-in security app Google Play Protect to warn users to uninstall any of these malicious apps that may be on their smartphones or tablets.
So besides stealing, what’s so dangerous about ad fraud and adware apps? Well, imagine if your phone was constantly loading random websites in the background throughout the day. Not only would this eat up your mobile data but it would also put unnecessary strain on your phone’s battery and other components. As such, you’d probably need to upgrade to a new device sooner rather than later if you had one of these SlopAd apps or a similar adware app installed.
I know this isn’t as pressing of a threat as your typical Android malware infection, but it’s still something you need to be aware of and look out for. Even though we’re not dealing with an infostealer or other dangerous malware here, you can see above how those who chose to sideload these apps were much more at risk than others who downloaded them from an official Android app store, in this case, the Play Store itself.
If you are worried about malware and other viruses ending up on your phone or tablet, then you might want to consider running one of the best Android antivirus apps alongside Google Play Protect. Likewise, if you want the ultimate protection from hackers, scammers and even identity thieves, then the best identity theft protection services are what you’re after. They’re more expensive but a big reason for this is that they include identity theft insurance which can range anywhere from $1 million to $2 million. This money can be used to cover legal expenses, to get new documents and to compensate you for any funds lost to fraud.
Given how much money a major ad fraud scheme like this one can generate for scammers and other cybercriminals, this likely isn’t the last one we’ll see. In fact, due to the sophistication of this SlopAds campaign, the security researchers who uncovered it believe that the scammers behind this one will likely try something very similar quite soon. So be on the lookout and as always, be careful what you download.