Cybersecurity researchers have warned of a large-scale ad fraud campaign that used hundreds of malicious applications published in the Google Play Store to serve full-screen ads and conduct phishing attacks.
“In the app – Note In a report that shared with Hacker News.
Details of the activity were first disclosed at the beginning of this month by IAS, which documented the discovery of more than 180 applications that were designed to deploy endless and intrusive full-screen interstitial video advertising. The advertising fraud scheme was a couple.
These applications, which have since been removed by Google, masqueraded as legitimate applications and collectively racked up more than 56 million downloads between them, generating more than 200 million requests.
“The fraudsters for the couple have created several developer accounts, each hosting only a few applications to distribute their work and evade detection,” the SME threat laboratory said. “This distributed installation guarantees that the removal of any single account will have a minimal effect on the overall work.”
By imitating seemingly harmless utility, fitness and lifestyle applications, the operation was able to successfully lure users into installing them.
Another important aspect is versioning, which involves publishing a functional application to the Play Store without any malicious functionality so that it passes Google's review process. The features are removed in subsequent application updates to show intrusive ads.
What’s more, the ads hijack the entire device screen and prevent the victim from using the device, rendering it largely inoperable. The campaign is estimated to have begun around April 2024 before expanding earlier this year. More than 140 bogus applications were uploaded in October and November.
The latest findings from the Romanian cybersecurity company show that the campaign is larger than previously thought, comprising 331 apps that have gained more than 60 million downloads.
In addition to hiding the application icon from the launcher, some of the identified applications were also observed attempting to collect credit card data and user credentials. The malware is also capable of sending device information to an attacker-controlled server.
Another technique used to evade detection is the use of Leanback Launcher, a type of launcher specifically designed for Android TV devices, as well as changing the app's own name and icon to pass itself off as Google Voice.
“The attackers have found a way to hide the icons from the launcher, which is limited in newer Android iterations,” Bitdefender said. “Applications can start without user interaction, although this should not be technically possible in Android 13.”
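A defender-side check for the launcher-hiding behaviour described above, as an added example that is not from Bitdefender's report or the original article: it audits a decoded AndroidManifest.xml for entry points registered only under the Leanback launcher category or disabled in the manifest. The heuristics, function names and sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"
LEANBACK = "android.intent.category.LEANBACK_LAUNCHER"
TV_FEATURE = "android.software.leanback"


def entry_points(root):
    """Yield (component name, categories, enabled) for every MAIN intent filter."""
    for comp in list(root.iter("activity")) + list(root.iter("activity-alias")):
        for flt in comp.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if MAIN in actions:
                cats = {c.get(ANDROID + "name") for c in flt.iter("category")}
                enabled = comp.get(ANDROID + "enabled", "true") != "false"
                yield comp.get(ANDROID + "name"), cats, enabled


def audit_manifest(xml_text):
    """Return findings for a decoded AndroidManifest.xml (e.g. apktool output)."""
    root = ET.fromstring(xml_text)
    declares_tv = TV_FEATURE in {f.get(ANDROID + "name") for f in root.iter("uses-feature")}
    points = list(entry_points(root))
    phone_visible = [n for n, cats, on in points if LAUNCHER in cats and on]
    findings = []
    for name, cats, on in points:
        if LEANBACK in cats and LAUNCHER not in cats and not declares_tv:
            findings.append(f"{name}: LEANBACK_LAUNCHER only, no TV feature declared")
        if LAUNCHER in cats and not on:
            findings.append(f"{name}: launcher entry disabled in manifest")
    if not phone_visible and not declares_tv:
        findings.append("no enabled LAUNCHER entry: no icon on a phone launcher")
    return findings


# Constructed sample manifests, not taken from any real application.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPECT = f"""<manifest {NS} package="com.example.qrscan">
  <application><activity android:name=".Main"><intent-filter>
    <action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.LEANBACK_LAUNCHER"/>
  </intent-filter></activity></application></manifest>"""
BENIGN = SUSPECT.replace("LEANBACK_LAUNCHER", "LAUNCHER")

if __name__ == "__main__":
    print(audit_manifest(SUSPECT), audit_manifest(BENIGN))
```

A finding is a triage signal, not a verdict: genuine Android TV apps that declare the leanback feature are skipped, and apps without any launcher entry can be legitimate.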
The campaign is believed to be the work of either a single threat actor or several cybercriminals who use the same packaging tool that is advertised for sale on underground forums.
“The investigated applications bypass Android restrictions to start activities even if they are not running in the foreground and, without the necessary permissions, spam users with continuous, full-screen advertising,” the company added. “The same behavior is used to serve user interface elements that feature phishing attempts.”