Slovakian internet security company ESET identified 42 malicious apps on the Play Store affected 8 million Android users. As according to the campaign which is running since July 2018. Out of those 21 were still available at the time of discovery.
Once a user installed an adware-infected application the app will show full-screen ads on the device’s display at intervals. According to Reuters, the Security researchers have detected a massive year-long adware campaign.
The affected apps on users’ Android devices affects eight million users from Google Play alone. Slovakian internet security company ESET identified 42 malicious apps on the Play Store affected 8 million Android users. As according to the campaign which is running since July 2018. Out of those 21 were still available at the time of discovery.
By reporting these apps to the Google security team and The team removed it swiftly. However, the apps are still available in third-party app stores, said the researchers in a statement released on Thursday.
Once the app gets launch, the “Ashas” adware family app sent “home” key data about the affected device. Such as device type, OS version, language, number of installed apps, free storage space, battery status.
The app receives configuration data from the command and control server (C&C) server. it requires this for displaying ads, and for stealth and resilience, said the security researcher Lukas Stefanko.
Once a user installed an adware-infected app, then the app will show full-screen ads on the device’s display at intervals.
After dodging Google servers the malicious app can set a custom delay between displaying ads. Based on the server response the app can also hide its icon and create a shortcut instead.
If a typical user tries to get rid of the malicious app, the chances are that only the shortcut ends up getting removed. The app then continues to run in the background without the user’s acknowledgement. This stealth technique has been gaining popularity among adware-related threats.
According to the research team, students at a Vietnamese university may be behind the malicious adware app.
Due to poor privacy practices on the part of our culprit’s university, we now know his date of birth. Also, we know that he was a student and what university he attends. We have also retrieved his University ID and a quick googling showed some of his exam grades said, researchers.
The malicious developer also has apps in Apple’s App Store. Some of them are iOS versions of the ones removed from Google Play but none contain any adware functionality said, Lukas Stefanko.