Watch out – this Android malware has been installed millions of times already
>
Half a dozen Android apps, masquerading as utilities, have scammed users and earned the developers ad revenue, cybersecurity researchers allege.
The apps have managed to fool quite a few people as they have apparently been downloaded over two million times.
Google has since removed them all from the Play Store, but users are still being warned to be wary.
Malicious Android apps
The antivirus team at Dr. Web discovered a total of five apps whose sole purpose is to trick people into downloading them and then showing them ads for as long as possible. The largest, with over a million downloads, is TubeBox.
TubeBox promises users a share of the ad revenue if they watch ads in the app. However, the whole thing is a trick because when the user tries to redeem the rewards, they will easily encounter various bugs and errors. Even those who somehow manage to get around all the bugs just don’t get any money.
Other discovered apps are “Bluetooth device auto connect”, with one million downloads, “Bluetooth & Wi-Fi & USB driver”, with 100,000 downloads, “Volume, Music Equalizer” with 50,000 downloads, and “Fast Cleaner & Cooling Master”, with about 500 downloads.
The apps don’t just display ads – a Firebase Cloud Messaging account serves as a C2 server, instructing the apps which websites to load.
Some apps, such as the “Fast Cleaner & Cooling Master,” could also be used as proxy servers, the researchers found. A proxy allowed the threat actors to channel their traffic through the infected endpoint (opens in new tab).
Just because an app is on the Google Play Store does not make it safe by default. While Google’s defenses are formidable, adversaries are always looking for new ways to squeeze rogue apps into the popular app repository, and occasionally succeed. To protect against such apps, always read the reviews, as other users may also warn about fraud.
Through: Beeping computer (opens in new tab)