Smartphones & Tablets | June 18, 2023
Adware is one of the most stealthy types of malware that can infect an Android device, and sometimes it is extremely difficult to detect. Bitdefender has discovered its presence in over 60,000 applications worldwide, although it is suspected that the number is higher. Fortunately, Spain is not one of the most affected countries.
Adware enters mobile phones and tablets through app stores other than Google Play, as some of these stores do not perform thorough checks on the apps they offer. This allows adware apps to camouflage themselves among completely normal apps.
Furthermore, they manage to hide within the system to make their elimination difficult, making it challenging to realize that they are there. In fact, it is estimated that the recently discovered ones have been operating secretly for at least 6 months.
This type of malicious software does not steal user information but specializes in displaying intrusive and unauthorized advertisements. These advertisements generate revenue for the author and can appear as pop-up windows or full-screen formats.
However, the creators of this malware can also redirect users to phishing pages or similar sites that attempt to steal their data. The potential danger they pose is significant.
To conceal its true intentions, adware masquerades as a normal application in the store. Generally, these apps claim to offer free access to paid content, although they also take other disguises. Some of the imitated apps include free VPN services, games with unlocked premium features, free access to Netflix or YouTube Premium, as well as weather services or PDF readers.
One of the most interesting discoveries made by researchers is that the adware gets around a Google mechanism in order to hide its application icon. In theory, on Android, once an app has been opened from its icon on the home screen, it cannot be hidden.
To achieve this, the malicious application disguises itself and, once installed, opens automatically and displays a notification saying that it is not available. Because it has not been launched from the launcher, it can hide its icon. If the user later tries to open it, a message is displayed indicating that it has not been installed.
In reality, it has hidden in plain sight, so that it can only be uninstalled from the application manager in Settings. This section lists all installed apps, including system apps. However, there are so many apps that it can be difficult to find; the entry to look for is one that appears without a name or icon.
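The manual search described above can be narrowed from a computer with adb. The following is an added example, not part of the original article or of Bitdefender's tooling: it cross-references user-installed packages and their installer against the packages that expose a launcher icon. Both captured outputs and all `com.example.*` names are constructed samples, and the exact layout of the `query-activities --brief` output is an assumption.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.example.weather  installer=com.android.vending
package:com.example.freevpn  installer=null
package:com.example.pdfreader  installer=com.example.altstore
package:com.example.notes  installer=null
"""

# Constructed sample of: adb shell cmd package query-activities --brief \
#   -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
SAMPLE_LAUNCHERS = """\
3 activities found:
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.weather/.MainActivity
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.pdfreader/.ui.Home
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.notes/.Main
"""

def parse_installers(text):
    """Map package name -> installer (None when the device reports 'null')."""
    pattern = r"^package:(\S+)[ \t]+installer=(\S+)[ \t]*$"
    return {m.group(1): (None if m.group(2) == "null" else m.group(2))
            for m in re.finditer(pattern, text, re.M)}

def parse_launcher_packages(text):
    """Packages owning at least one MAIN/LAUNCHER activity, i.e. a visible icon."""
    pattern = r"^[ \t]*([A-Za-z0-9_.]+)/\S+[ \t]*$"
    return {m.group(1) for m in re.finditer(pattern, text, re.M)}

def hidden_sideloaded(packages_text, launchers_text):
    """User-installed apps that did not come from Google Play and have no icon."""
    installers = parse_installers(packages_text)
    with_icon = parse_launcher_packages(launchers_text)
    return sorted(pkg for pkg, installer in installers.items()
                  if installer != PLAY_STORE and pkg not in with_icon)

if __name__ == "__main__":
    for pkg in hidden_sideloaded(SAMPLE_PACKAGES, SAMPLE_LAUNCHERS):
        print("review in Settings > Apps:", pkg)
```

A flagged package is a candidate for manual review in the application manager, since some legitimate apps (widgets, keyboards, plug-ins) also ship without a launcher icon.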
In addition to the danger of having adware on your mobile device, constantly viewing ads can be quite annoying. This is compounded by the battery drain that occurs as a result of having this process running constantly in the background.
Bitdefender researchers have detected the presence of this malware on over 60,000 devices, although it is suspected that there are many more. The apps have spread across a large number of countries, but the majority of them have been detected in the United States, accounting for 55.27% of the total.
Fortunately, China is not one of the most affected countries, as it does not even appear separately in the graph but could be included in the “Other countries” category, accounting for 12.19% of the total. In South Korea, 9.8% of these applications have been downloaded, while Brazil accounts for 5.96%. Some European countries such as France with 2.56% and Romania with 2.41% have also been affected by this virus.
The disguised malware was not downloaded from Google Play, but through external app stores. This does not mean that it happens in all of them, as there are alternatives like Uptodown that carry out software verification for the apps they offer.
One of the detected patterns is that the adware waits a few days before starting to display ads to avoid drawing attention and suspicion from the user. After some time, advertisements begin to appear through the browser, so when these ads are displayed, the responsible application appears to be the app through which the user normally accesses the internet.
The adware was discovered on Android by an app that uses machine learning to detect suspicious behavior on the mobile device. Bitdefender recommends using anti-malware apps to prevent this type of attack, as well as paying attention to the behavior of apps and whether too many ads appear where they shouldn’t.