Users of Android devices have a new headache to worry about: more than 60,000 applications have been discovered that, when installed, loaded adware on terminals. The identification of the problem has been made by Bitdefender, which has given specific data on how worrying this discovery is.
Silent. This is always how adware gets installed in those infected apps that you download on your mobile and that affect your device without your knowledge. The more than 60,000 infected apps that are being talked about to alert users have been infecting devices for half a year. And the problem is that there seem to be many more in the same situation.
A worrying discovery
The report published by Bitdefender, the company responsible for the antivirus of the same name, includes specific data on everything they discovered in the last month. From what they mention, they believe that this adware attack began to infect Android applications in October of last year 2022. Since then it has not stopped growing and becoming a growing problem.
The cybercriminals behind the attack have used all sorts of applications to embed the adware in order to have a better chance of reaching as many devices as possible. Thus, they have not limited themselves to infecting applications that are usually more likely to contain viruses, such as apps for cracking games or tools with different apparently useful utilities, but they have also camouflaged it in other types of downloads. Thus, it has also been hidden in many applications that copy popular tools, such as Netflix, and that are made available to the public with the intention of tricking them into downloading.
This is how infected apps act
There are several aspects that make us suspect that you may have installed one of these applications. First of all, none of them are available on Google Play, but their distribution has been carried out exclusively in third-party stores or on web pages through APK files. Once the app is downloaded and installed, the tool asks for permissions as would be the case with completely legal applications.
But where they differ is two things: they don’t have an app icon, and the app tag is just a UTF-8 character. That makes us suspicious, so it is possible that many people have been saved from the infection because, after the download, they suspected that it was present on the mobile. However, if it opens, that is when the infection occurs. You’ll know because a message will appear stating the following: āThis app is not available in your region. Press OK to uninstall.”
When the user presses the button, the application is not uninstalled. What it does is remain hidden and at rest until, two hours after the theoretical uninstallation has been carried out, it begins its process to configure the adware in a way that the user does not know about. From then on, the app will communicate with the attacker’s external server and this will cause ads to appear, both in-browser and full screen.
Until now it has not been discovered that the malware is being used for other types of dangerous actions, but from Bitdefender they say that just as it is being used for adware, attackers could change their strategy and use the infection to carry out other types of crimes. This could happen, for example, if there comes a time when the adware process is no longer as profitable for them as before. To avoid risks, at Bitdefender they remember the importance of installing apps from Google Play only.
The only good news is that, according to Bitdefender, the main ones affected at the moment are users from the United States and South Korea, as you can see in the image that we have attached and that has been distributed by the antivirus firm. Although we must not downplay the 12.19% that “Other places” has, because it is possible that Spain is part of it.
