Be careful, this malware for Android has already been installed millions of times

Half a dozen Android apps, claiming to be public services, have scammed users and generated ad revenue for developers, cybersecurity researchers say.

The apps managed to fool a number of people, as they were apparently downloaded over two million times.

Google has since removed them all from the Play Store, but users are still warned to be on their guard.

Malicious Android Apps

Dr. Web's antivirus team discovered a total of five apps whose sole purpose is to trick people into downloading them and then show them ads for as long as possible. The largest, with over a million downloads, is TubeBox.

TubeBox promises users a share of ad revenue if they sit and watch in-app ads. However, this is all a trick: when users try to redeem the rewards, they run into various bugs and errors. Even those who manage to get past all the errors simply do not receive any money.

Other applications discovered are "Bluetooth device auto connect", with one million downloads, "Bluetooth & Wi-Fi & USB driver", with 100,000 downloads, "Volume, Music Equalizer", with 50,000 downloads, and "Fast Cleaner & Cooling Master", with about 500 downloads.

Apps don't just show ads: A Firebase Cloud Messaging account acts as a C2 server, telling apps which websites to load.

Some apps, such as "Fast Cleaner & Cooling Master," could also be used as a proxy server, the researchers found. With a proxy, threat actors could funnel their traffic through the infected endpoint.

Just because an app is on the Google Play Store doesn't mean it's safe by default. While Google's defense mechanisms are formidable, threat actors are always looking for new ways to slip rogue apps into the popular app repository, and sometimes succeed. To protect yourself against such apps, always make sure to read the reviews, as other users may also warn of fraud.

Via: BleepingComputer