Have any questions:

Toll Free +91 89682 66487

Mail to info@ultimatetechagency.com

Facebook ads push Android adware with 7 million installs on Google Play

In: Digital Marketing

Android malware

Several adware apps aggressively promoted on Facebook as system cleaners and optimizers for Android devices count millions of installs on the Google Play Store.

The apps lack all promised features and push ads while trying to stay on the device as long as possible.

To evade deletion, the apps hide on the victim’s device by constantly changing icons and names, masquerading as Settings or Play Store itself.

The icon and name of the installed app will change
The icon and name of the installed app will change (McAfee)

The adware apps hijack the Contact Provider Android component, which allows them to transfer data between the device and online services.

The subsystem is invoked every time a new app is installed, so the adware might use it to initiate the ad-serving process. It can appear to the user as if the ads are being pushed by the legitimate app they have installed.

researchers at McAfee the adware apps detected. They note that once installed, users do not need to launch them to see the ads since the adware initiates itself automatically without any interaction.

The first action of these annoying apps is to create a persistent service to display the advertisements. When the process is “killed” (terminated), it immediately restarts.

The malicious service restarted almost immediately
The malicious service restarted almost immediately (McAfee)

The video below shows how the adware’s name and icon change automatically and how ads are displayed without user interaction.

Millions of downloads on Google Play

As McAfee comments in the report, users are convinced to trust the adware apps because they see a Play Store link on Facebook, leaving little room for doubt.

Facebook promotion for a cleaner app
Facebook promotion for a cleaner app (McAfee)

This has resulted in unusually high download counts for each type of application, as shown in the list below:

  1. garbage mancn.junk.clean.plp, over 1 million downloads
  2. EasyCleanercom.easy.clean.ipz, over 100,000 downloads
  3. power doctor, com.power.doctor.mnb, over 500,000 downloads
  4. Super cleancom.super.clean.zaz, over 500,000 downloads
  5. Completely clean -Clean Cache, org.stemp.fll.clean, 1M+ downloads
  6. fingertip cleanercom.fingertip.clean.cvb, over 500,000 downloads
  7. quick cleanerorg.qck.cle.oyo, over 1 million downloads
  8. Keep cleanorg.clean.sys.lunch, over 1 million downloads
  9. Windy cleanin.phone.clean.www, over 500,000 downloads
  10. carpet cleanand.crp.cln.zda, over 100,000 downloads
  11. Cool cleansyn.clean.cool.zbc, over 500,000 downloads
  12. Strong cleanin.memory.sys.clean, over 500,000 downloads
  13. Meteor cleanorg.ssl.wind.clean, over 100,000 downloads

Most of the affected users live in South Korea, Japan, and Brazil, but unfortunately, the adware has reached users all over the world.

Heatmap of infected Android users
Heatmap of infected Android users (McAfee)

The adware apps are no longer available in the Play Store. However, users who have them installed must manually remove them from the device.

System cleaners and optimizers are popular software categories despite the few benefits they offer. Cyber ​​criminals know that a large number of users would try such solutions to extend the life of their devices and often disguise malicious apps as such.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Ready to Grow Your Business?

We Serve our Clients’ Best Interests with the Best Marketing Solutions. Find out More

How Can We Help You?

Need to bounce off ideas for an upcoming project or digital campaign? Looking to transform your business with the implementation of full potential digital marketing?

For any career inquiries, please visit our careers page here.