Thousands of Android Adware Apps Hide in Fake Cracked Packages

A large-scale adware campaign targeting Android devices has been discovered, involving thousands of apps disguised as cracked or modded versions of popular applications. The campaign, ongoing since October 2022, aims to generate revenue by bombarding users with unwanted ads. However, the threat actors behind it have the capability to switch tactics and distribute other types of malware such as banking Trojans or ransomware to steal sensitive information.

According to a technical report from cybersecurity company Bitdefender, approximately 60,000 unique apps carrying the adware have been identified. The majority of detections have been found in countries including the United States, South Korea, Brazil, Germany, the United Kingdom, France, Kazakhstan, Romania, and Italy.

Distribution and Spoofed Apps

Notably, none of these malicious apps are distributed through the official Google Play Store. Instead, users searching for popular apps like Netflix, PDF viewers, security software, or cracked versions of YouTube on search engines are redirected to ad pages hosting the malware.

Once installed, these apps avoid detection by showing no visible icon or name. Furthermore, when users launch the app for the first time, they are shown a message claiming that the app is unavailable in their region and prompting them to uninstall it, while the malicious activity remains active in the background.
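As an added example (not from the article or from Bitdefender's report), the following triage check runs over a decoded AndroidManifest.xml, such as one produced by apktool, and flags the "no visible icon or name" trait described above. Flagging a missing launcher activity is an assumption that goes beyond what the article states, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"

def visible_text(value):
    # Drop whitespace and non-printable code points (zero-width characters included).
    return "".join(c for c in value if c.isprintable() and not c.isspace())

def has_launcher_entry(app):
    for comp in list(app.iter("activity")) + list(app.iter("activity-alias")):
        if comp.get(NS + "enabled") == "false":
            continue  # a disabled component produces no home-screen icon
        for flt in comp.iter("intent-filter"):
            actions = {a.get(NS + "name") for a in flt.iter("action")}
            cats = {c.get(NS + "name") for c in flt.iter("category")}
            if MAIN in actions and LAUNCHER in cats:
                return True
    return False

def triage_manifest(xml_text):
    """Return findings for one decoded manifest; an empty list means nothing flagged."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return ["no <application> element"]
    findings = []
    label = app.get(NS + "label")
    # A resource reference (@string/...) cannot be resolved here; it counts as present.
    if label is None or not visible_text(label):
        findings.append("application label missing or invisible")
    if app.get(NS + "icon") is None:
        findings.append("no application icon declared")
    if not has_launcher_entry(app):
        findings.append("no enabled MAIN/LAUNCHER activity")
    return findings

# Constructed sample manifests (assumptions for illustration, not from any real app).
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.viewer">
  <application android:label="@string/app_name" android:icon="@mipmap/ic_launcher">
    <activity android:name=".Main"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter></activity>
  </application></manifest>"""
HIDDEN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.hidden">
  <application android:label="&#8203;"><activity android:name=".Notice"/></application>
</manifest>"""
if __name__ == "__main__":
    print(triage_manifest(BENIGN), triage_manifest(HIDDEN))
```

A finding is a reason to look closer, not a verdict: legitimate background-only packages can also lack a launcher entry.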

Mode of Operation of the Fake Apps

One notable aspect of this campaign is the adware's modus operandi. Initially, the adware remains dormant for a few days and then activates when the victim unlocks their phone, displaying full-screen ads using Android WebView.

In a separate discovery, cybersecurity firm CloudSEK found the rogue SpinOK SDK, previously disclosed by Doctor Web, embedded in 193 apps on the Google Play Store, with a total of 30 million downloads. This module presents itself as a way to engage users with mini-games and tasks to win rewards but actually contains malicious functions to steal files and manipulate clipboard contents.

Additionally, the SonicWall Capture Labs Threat research team uncovered another strain of Android malware that masquerades as legitimate apps and exploits the operating system's accessibility services to collect a wide range of information from compromised devices. This type of attack can lead to various fraudulent activities, including financial fraud and identity theft.

June 7, 2023