Watch out - this Android malware has been installed millions of times already
Multiple Android apps found generating malicious ad revenue
Half a dozen Android apps, pretending to be utility services, have been scamming users and earning the developers advertising revenue, cybersecurity researchers have claimed.
The apps have managed to fool quite a number of people, having apparently been downloaded more than two million times.
Google has since removed all of them from the Play Store, but users are still being warned to be on their guard.
Malicious Android apps
The Dr. Web antivirus team discovered a total of five apps whose only goal is to trick people into downloading them and then serve them ads for as long as possible. The biggest one, with more than a million downloads, is TubeBox.
TubeBox promises users a cut of the advertising revenue if they sit and watch ads in the app. However, the whole thing is a trick, as when the user tries to redeem the rewards, they’ll conveniently run into different bugs and errors. Even those who somehow manage to work around all of the bugs will simply not get any funds.
Other discovered apps are “Bluetooth device auto connect”, with a million downloads, “Bluetooth & Wi-Fi & USB driver”, with 100,000 downloads, “Volume, Music Equalizer” with 50,000 downloads, and “Fast Cleaner & Cooling Master”, with some 500 downloads.
The apps don’t serve just any ads - a Firebase Cloud Messaging account serves as a C2 server and instructs the apps which websites to load.
Some apps, such as “Fast Cleaner & Cooling Master”, could also be used as a proxy server, the researchers found. With a proxy, the threat actors could channel their traffic through the infected endpoint.
An app being listed on the Google Play Store does not make it secure by default. Although Google’s defense mechanisms are formidable, threat actors are always looking for new ways to squeeze fraudulent apps into the popular app repository, and succeed every now and then. To protect against such apps, always make sure to read through the reviews, as other users could be warning about the fraud.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.