60,000 Android Apps Installing Adware for Half a Year

A recent report from cybersecurity researchers at Bitdefender has unveiled a concerning discovery: tens of thousands of Android applications have been silently pushing adware onto devices for months. The researchers identified this issue after implementing an anomaly detection feature in their mobile security solution last month. They found that approximately 60,000 unique apps masqueraded as security, utility, and entertainment applications, while their true purpose was to deliver adware.

These malicious apps were primarily distributed through third-party websites specifically created to propagate harmful software. Notably, none of the identified apps were found on the official Google Play Store. Bitdefender believes that the current count of 60,000 apps is not final and that the actual number of malicious apps could be much higher.

To increase their reach, the threat actors behind these apps employed various distribution channels, including optimizing the websites to rank in Google’s search engine results pages (SERPs). Additionally, they likely utilized social media platforms, instant messaging apps, emails, and other means to target potential victims.

Once a victim downloaded and installed one of these deceptive apps on their device, they would receive a message claiming that the app was unavailable in their region, along with an option to uninstall it quickly. However, the uninstallation process would never occur, leaving the app installed on the device without the user’s knowledge.

To further ensure the longevity of their adware, the developers employed obfuscation techniques. Firstly, the apps did not run automatically upon download, as this would require additional permissions that might raise suspicion. Instead, they remained dormant until activated by the user.

Additionally, after the “uninstall” process, the apps entered a dormant state for several hours. Following this period, they would register two “intents” that would trigger the app to launch upon device reboot or unlocking. However, these intents also remained dormant for the initial two days.
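For triage of a sideloaded APK, the following added example (not code from Bitdefender or from the apps described) checks a decoded AndroidManifest.xml for broadcast receivers tied to both reboot and unlock. It assumes the article's two triggers correspond to the standard BOOT_COMPLETED and USER_PRESENT actions; the manifests and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the article's "reboot" and "unlock" triggers map to these
# standard Android broadcast actions; the article does not name them.
TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED": "reboot",
    "android.intent.action.USER_PRESENT": "unlock",
}

def wake_triggers(manifest_xml):
    """Return {trigger: [receiver names]} for receivers declared in the manifest."""
    found = {}
    for receiver in ET.fromstring(manifest_xml).iter("receiver"):
        name = receiver.get(ANDROID_NS + "name", "?")
        for action in receiver.iter("action"):
            trigger = TRIGGERS.get(action.get(ANDROID_NS + "name"))
            if trigger:
                found.setdefault(trigger, []).append(name)
    return found

def needs_review(manifest_xml):
    """True when the app can be woken by both reboot and unlock."""
    return {"reboot", "unlock"} <= set(wake_triggers(manifest_xml))

# Constructed sample: one receiver listening for both triggers.
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <application>
    <receiver android:name=".WakeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an alarm app that only restores state after reboot.
BENIGN = SUSPICIOUS.replace(
    '<action android:name="android.intent.action.USER_PRESENT"/>', ""
).replace(".WakeReceiver", ".AlarmRestore")

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, needs_review(xml), wake_triggers(xml))
```

A receiver registered at run time does not appear in the manifest, so a clean result here does not clear an app; a hit is a reason to inspect the app further, not proof of adware.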

As always, the most effective defense against such threats is to exercise caution and exclusively download software from trusted and legitimate sources. By refraining from sideloading apps and sticking to reputable app stores like Google Play, users can significantly reduce the risk of falling victim to adware and other forms of malware.