Watch out – this Android malware has already been installed millions of times
Half-dozen Android The apps, pretending to be utility services, scam users and make money from ads for developers, cybersecurity researchers have claimed.
These apps have fooled quite a few people, seemingly downloaded more than two million times.
Google has removed them all from the Play Store, but users are still warned to be wary.
Malicious Android Apps
Dr. Web virus removal The team discovered a total of five apps whose sole goal was to trick people into downloading and then serving them ads for as long as possible. The biggest app, with over a million downloads, is TubeBox.
TubeBox promises users a cut of ad revenue if they sit and watch ads within the app. However, this whole thing is just a trick, as when users try to redeem the rewards, they will conveniently encounter various bugs and errors. Even those who somehow manage to fix all the errors will simply not get any money.
Other detected apps are “Automatically connect Bluetooth devices”, with one million downloads, “Bluetooth & Wi-Fi & USB drivers”, with 100,000 downloads, “Volume, Tuner” music” with 50,000 downloads and “Fast Clean & Cool”, with around 500 downloads.
The apps don’t serve any ads – the Firebase Cloud Messaging account acts as the C2 server and instructs the apps which web page to load.
The researchers found that some apps, such as “Fast Cleaner & Cooling Master”, can also be used as proxy servers. With a proxy, threat actors can pass their traffic through the infected machine final point (opens in a new tab).
Just because an app is on the Google Play Store doesn’t make it safe by default. While Google’s protection mechanisms are formidable, threat actors are always looking for new ways to force fraudulent apps into the popular and sometimes successful app store. To protect against such apps, always be sure to read through the reviews as other users may also warn of fraud.
Through the: BleepingComputer (opens in a new tab)