- Apps would hide on a device as soon as they're installed, to avoid removal
- They would serve unwanted, out-of-context ads to victims
- The apps were removed from the Play Store
A major ad fraud campaign comprising hundreds of Android applications has been discovered and dismantled, security researchers HUMAN have said.
The IconAds campaign worked by displaying ads without proper context, or user consent - and to make matters worse, once the apps were installed on an Android device, they would hide their icons from the users, making it more difficult to find and uninstall.
In total, the campaign counted 352 Android apps, and during peak activity, it had 1.2 billion bid requests a day, the researchers said.
Smuggling through
We don’t know on how many devices the apps were installed, but we do know that they managed to sneak past Google’s defenses and into the Google Play Store, and the majority of traffic came from Brazil, Mexico, and the United States.
This has now been remedied, and these apps removed. However, it’s safe to assume that new ones will emerge soon: "Many IconAds-associated apps have short shelf lives before being removed from the Play Store," HUMAN researchers said.
"With the several evolutions of this threat, researchers expect continued adaptation, with new apps published and new obfuscation techniques added."
The campaign has been active since at least 2019, when the first apps were uploaded to the app repository.
Google’s mobile app store is generally considered safe. However, its defenses are not impenetrable, and every now and then, malicious apps get through, at least for a short while.
For that reason, users should never blindly trust apps, even when coming from such a reputable source. Instead, they should always mind the download count and user reviews. Newly released apps with fewer downloads have a higher chance of being malicious, and many cybercriminals spoof user reviews, so it is important to carefully read them. Nowadays, most of them are generated by AI and sound superficial and bland, and user accounts have generic names, often similar to one another.
Via The Hacker News
You might also like
- These malicious Android apps were installed over 60 million times - here's how to stay safe
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
