Search This Blog

Showing posts with label Adware. Show all posts

Facebook Ads Push Android Adware, Installed 7M Times on Google Play Store

 

Several adware programmes marketed aggressively on Facebook as system cleansers and optimizers for Android devices have accumulated millions of downloads from the Google Play store. 

The applications lack all of the advertised functionality and push adverts while attempting to stay on the device for as long as possible. To avoid deletion, the applications regularly change their icons and names, posing as Settings or the Play Store itself. 

Adware applications make use of the Android component Contact Provider, which allows them to transport data between the device and web services. Because the subsystem is contacted whenever a new programme is installed, the adware might exploit it to start the ad-serving process. It may appear to the user that the advertising is being pushed by the legitimate app they installed. 

McAfee researchers found the adware applications. They point out that customers do not need to activate them after installation to see the advertising because the adware runs automatically without user intervention. The first thing these intrusive apps do is set up a permanent service for displaying adverts. If the process is "killed" (terminated), it instantly restarts. 

This video demonstrates how the adware's name and icon change automatically and how ad-serving occurs without user intervention. 

According to McAfee's analysis, consumers are persuaded to believe the adware applications because they see a Play Store link on Facebook, leaving little room for uncertainty. As a result, exceptionally high download counts for the specific type of apps have emerged, as shown below:
  • Junk Cleaner, cn.junk.clean.plp, 1M+ downloads
  • EasyCleaner, com.easy.clean.ipz, 100K+ downloads
  • Power Doctor, com.power.doctor.mnb, 500K+ downloads
  • Super Clean, com.super.clean.zaz, 500K+ downloads
  • Full Clean -Clean Cache, org.stemp.fll.clean, 1M+ downloads
  • Fingertip Cleaner, com.fingertip.clean.cvb, 500K+ downloads
  • Quick Cleaner, org.qck.cle.oyo, 1M+ downloads
  • Keep Clean, org.clean.sys.lunch, 1M+ downloads
  • Windy Clean, in.phone.clean.www, 500K+ downloads
  • Carpet Clean, og.crp.cln.zda, 100K+ downloads
  • Cool Clean, syn.clean.cool.zbc, 500K+ downloads
  • Strong Clean, in.memory.sys.clean, 500K+ downloads
  • Meteor Clean, org.ssl.wind.clean, 100K+ downloads
The majority of impacted users are from South Korea, Japan, and Brazil, however, the adware has regrettably spread globally. The adware applications have been removed from the Google Play Store. Users who installed them, on the other hand, must manually delete them from the device.

Despite their limited advantages, system cleansers and optimizers are popular software categories. Cybercriminals know that many people would attempt such methods to extend the life of their gadgets, thus they disguise dangerous software as such.

Alert! Check if you have these Android Malware Apps Installed With 10M+ Downloads

 

A fresh batch of harmful Android applications containing adware and malware that have been installed on almost 10 million mobile devices has been discovered on the Google Play Store. 

The apps pretend to be picture editors, virtual keyboards, system optimizers, wallpaper changes, and other things. Their primary functionality, however, is to display invasive advertisements, subscribe users to premium services, and hijack victims' social network accounts. 

The Dr Web antivirus team discovered several dangerous applications, which they highlighted in a study published. Google has removed the great majority of the offered applications, however, three remain available for download and installation via the Play Store at the time of writing. Also, if anyone installed any of these applications before they were removed from the Play Store, then will need to manually delete them from the device and conduct an antivirus check to remove any leftovers. 

The latest dangerous Android applications Dr Web found adware apps that are variations on existing families that initially surfaced on the Google Play Store in May 2022. When the applications are installed, they ask for permission to overlay windows over any app and can add themselves to the battery saver's exclusion list, allowing them to run in the background even after the victim shuts the app. Furthermore, they hide their app drawer icons or replace them with anything resembling a fundamental system component, such as "SIM Toolkit."

"This app "killed" my phone. It keep'd crashing , i couldn't even enter password to unlock phone and uninstall it. Eventually, I had to make a complete wipe out (factory reset), to regain phone. DO NOT , install this app !!!!," read a review of the app on the Google Play Store. 

Joker applications, which are infamous for incurring false payments on victims' mobile phones by subscribing them to premium services, are the second kind of harmful apps spotted on the Play Store. Two of the featured applications, 'Water Reminder' and 'Yoga - For Beginner to Advanced,' have 100,000 and 50,000 downloads, respectively, in the Play Store. Both deliver the claimed functionality, but they also execute malicious operations in the background, interacting with unseen or out-of-focus WebView objects and charging consumers. 

Finally, Dr. Web identifies two Facebook account stealers that are disseminated through picture editing applications and use cartoon effects on ordinary images. These applications are 'YouToon - AI Cartoon Effect' and 'Pista - Cartoon Photo Effect,' and they have been downloaded over 1.5 million times in the App Store. 

Android malware will always find a way into the Google Play Store, and apps can occasionally linger there for months, so users should not blindly trust any app or no apps. As a result, it is critical to read user reviews and ratings, visit the developer's website, read the privacy policy, and pay close attention to the permissions sought during installation. 
  • Photo Editor: Beauty Filter (gb.artfilter.tenvarnist)
  • Photo Editor: Retouch & Cutout (de.nineergysh.quickarttwo)
  • Photo Editor: Art Filters (gb.painnt.moonlightingnine)
  • Photo Editor - Design Maker (gb.twentynine.redaktoridea)
  • Photo Editor & Background Eraser (de.photoground.twentysixshot)
  • Photo & Exif Editor (de.xnano.photoexifeditornine)
  • Photo Editor - Filters Effects (de.hitopgop.sixtyeightgx)
  • Photo Filters & Effects (de.sixtyonecollice.cameraroll)
  • Photo Editor : Blur Image (de.instgang.fiftyggfife)
  • Photo Editor : Cut, Paste (de.fiftyninecamera.rollredactor)
  • Emoji Keyboard: Stickers & GIF (gb.crazykey.sevenboard)
  • Neon Theme Keyboard (com.neonthemekeyboard.app)
  • Neon Theme - Android Keyboard (com.androidneonkeyboard.app)
  • Cashe Cleaner (com.cachecleanereasytool.app)
  • Fancy Charging (com.fancyanimatedbattery.app)
  • FastCleaner: Cashe Cleaner (com.fastcleanercashecleaner.app)
  • Call Skins - Caller Themes (com.rockskinthemes.app)
  • Funny Caller (com.funnycallercustomtheme.app)
  • CallMe Phone Themes (com.callercallwallpaper.app)
  • InCall: Contact Background (com.mycallcustomcallscrean.app)
  • MyCall - Call Personalization (com.mycallcallpersonalization.app)
  • Caller Theme (com.caller.theme.slow)
  • Caller Theme (com.callertheme.firstref)
  • Funny Wallpapers - Live Screen (com.funnywallpapaerslive.app)
  • 4K Wallpapers Auto Changer (de.andromo.ssfiftylivesixcc)
  • NewScrean: 4D Wallpapers (com.newscrean4dwallpapers.app)
  • Stock Wallpapers & Backgrounds (de.stockeighty.onewallpapers)
  • Notes - reminders and lists (com.notesreminderslists.app)

Fake Among Us apps floating over the internet can deploy malware and adware in your device

There is an imposter among us, quite literally - the popular gaming app has attracted many flukes and malware carrying apps made to look like the legit gaming application or mod. These malicious apps can range from harmlessly annoying to quite dangerous.

Players looking for Among Us should be cautious as to use only trustworthy sources to install the app from and look into mods and their legitimacy before using them.

These "fake" apps range from mock among us intending to swindle off from the game's success to mods, which attracts young players in the lure of hacks but actually drops malware in the system or steal data from the device.
A report from TechRadar says that currently there are 60 fake imposter apps of Among Us including apps that can i) install adware or bloatware or ii) apps that deploy malware and iii) steal financial data. 

Why Among Us? 

Among Us, a multiplayer PC and mobile game suddenly became popular in 2020. Though it was released in 2018, did not gain much attention until gaming streamers started broadcasting the game. Developed by InnerSloth, a small studio in Redmond, Washington, Among Us has stayed top five on Apple’s U.S. App Store since Sept. 1, with more than 158 million installs worldwide across the App Store and Google Play. 

Word to mouth marketing and pandemic imposed lockdown made the game quickly catch up with young players which these miscreants exploited. A young player looking for hacks and mods would be easy to dupe and install a fake app that installs adwares or one that's more damaging. 

Precautions to avoid Among Us imposter apps:

It's smart to avoid any website that claims to offer hacks, resources, packs, and mods as people without much background in gaming and the cyber world won't be able to detect malicious content. 

 
Always install the app from a trusted source and after reading comments as they would tell you if anything is wrong with the app. 

As to find out the legitimacy of mods it's best to use the community. In themselves mods are harmless but as told before some of these fake ones could add codes into your device. Use legitimate mod websites and if going for a private website then do read comments as someone would probably write any suspicious behavior on the discourse. Also, mods developed by semi-public figures or among us content creators will usually be safe.

Google Banned 29 Android Apps Containing Adware


A research discovered that almost all the malware are designed to target android users and in order to prevent users from installing adware filled apps built to stealthily access their banking and social media credentials; Google has made a continuous effort including the introduction of ‘Google Play Protect’. The main idea behind Play protect is to keep your device, apps, and data secure by automatically scanning the apps in real-time and identifying any potentially malicious apps. Despite the strength of Google’s machine learning algorithms and constantly improving real-time technology, the operations of Potentially Harmful Applications (PHAs) do not seem to halt any time soon as cybercriminals are devising new methods to evade detection by Play Protect also.

Recently, Google pulled off 29 apps from the Play Store as they were found to be infected with adware, most of these apps were present in the facade of photo editing apps having a feature of ‘blur’, which was also the codename of the investigation called as “CHARTREUSEBLUR”- that unveiled the malicious operations. The apps were discovered as a part of the White Ope’ Satori threat intelligence team. In total, these Android apps had more than 3.5 million downloads.

As per the observations, these malicious apps were promoting irrelevant advertisements which are said to be used to keep away from detection. After the victim installs any of these apps, the icon to launch the app would immediately disappear from the home screen and won’t be found anywhere, making it highly inconvenient for the users to remove the adware laden apps from their devices. Moreover, there was no open function to be found on the Play Store either.

In order to stay on a safer side, the investigation team advised Android users to stay wary of adware filled apps by examining reviews properly before downloading and not to fall for fake 5-star reviews. Apps that seem new and have received a whopping number of downloads in a short period of time should be strictly avoided.

Recently banned 29 Android applications included Color Call Flash, Photo Blur, Photo Blur Master, Super Call Screen, Square Blur Master, Blur Photo Editor, Super Call Flash, Auto Picture Cut, Square Blur Photo, Magic Call Flash amid a few others.

24 Million Adware Attacks found on Windows


Avast, a security firm, discovered in their research the growing scale of adware. According to the report, around 72% of malware on android was adware. Another report by Malwarebytes reveals some shocking numbers with 24 million windows adware detections and 30 million on Macs. Nowadays, with good search engines and added internet security, we hardly consider adware as a severe threat. There was a time, around 2002 when adware attacks were at an all-time high. It was quite common to be faced with pop-ups and adds opening another window showing adverts. Only a few software provided essential protection against these pop-ups.


But in this digital-savvy decade, we hardly consider pop-ups as a security threat, but this report by Avast tells a different story. The numbers show that adware is still very much present and thriving. "Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser." This adware campaign can have malicious intents, especially using COVID-19, to fulfill their purposes.

Kaspersky released a report in which more than 120,000 malware and adware were impersonating meeting software like Zoom. Most evident were: DealPly and DownloadSponsor. This adware has evolved from their previous counterparts to a high capacity. Now they display that install and download other adware software. In some cases, the adware DealPly and ManageX can be installed automatically with the legitimate installer and other potentially unwanted applications (PUAs). Battling with adware is a hard war because of their large numbers. There are hundreds of apps developed every day and registered; many come laden with adware. To check every single one of them is more robust than finding a needle in a haystack.

In March, Google banned 56 malicious applications, but by then, they already had around a million downloads. It is effortless for these apps to pose as legitimate and carry adware along with them. Adware is often ignored in the shadows of more severe security threats, and even though it is less harmful, it nonetheless is far more ubiquitous. Hence, security teams must be cautious of adware and take preventive steps.

Researchers Found Android Apps on Google Play that Steal Personal Data of Victims and Pose Other Threats



Security researchers identified seven new malicious apps present on Google Play Store that infect devices with adware and malware while laying open the system's backdoor access which ensures a smooth installation of any new functionality that comes along with the application. Other threats include battery drainage and excessive consumption of mobile data.

In recent times, with the mobile malware penetrating its roots in the cyber world, there have been a number of new discoveries from security researchers where they warn of malicious android apps that request sketchy permissions and contain malware. Android platform's openness, flexibility, and excess control are the key factors which make it all the more attractive to the users and likewise, cybercriminals. As a downside, it also provides a more vulnerable space for criminals to exploit by posting adware infected apps to serve marketing interests and steal sensitive user data. These apps can take different forms and mostly, share a similar code structure which indicates a direct link between the developers.

These malicious apps are configured to download and consequently install APKs from a GitHub repository, hence attackers are handling the GitHub communication very sophisticatedly, as a part of which they effectively wait to bypass detection by security officers and malware detection agencies.

Attackers have embedded a GitHub URL within the malicious app code which sets the basis for evading Google Play protect scan. However, while security researchers somehow managed to unearth the configuration data of the malicious apps and related URLs, they were directed to Adware APK which is triggered right after the installation of the infected app. The APK halts for a timeframe of 10 minutes after being triggered to execute the malicious motives.

Here, the aforementioned malicious apps have been posted by three different developers as listed below:

iSoft LLC (Developer) – Alarm Clock, Calculator, Free Magnifying Glass
PumpApp (Developer) – Magnifying Glass, Super Bright LED Flashlight
LizotMitis (Developer) – Magnifier, Magnifying Glass with Flashlight, Super-bright Flashlight

As a security measure for the continuously expanding mobile malware, Google tied up with various mobile security companies that would assist them in detecting bad apps before they hit a download mark over million. Users who have already installed these dropper apps are recommended to uninstall them manually.

Sneaky Android adware hides its own icon to avoid removal – find out how to get rid of it!



Security researchers at SophosLabs have discovered 15 apps in the Play Store that contain a manipulative strain of adware that hides its own icon in the launcher to avoid being uninstalled by making the process unusually difficult for the users, it disguises itself as a harmless system app. There is a possibility of more such apps being present on the Play Store beside these 15 discovered ones. Some apps of similar nature have gone a step further and were found upon opening the phone’s App Settings page, hidden beneath names and icons that make them appear as legitimate system apps.

Some people tend to download an app, without giving its requirement much of a thought or consideration, the habit may have led you into inadvertently downloading these malicious apps such as QR code reading, free calls and messaging, phone finder, backup utilities and image editor apps which have adware embedded in them and serve no purpose at all other than to generate revenues for the developers by displaying intrusive advertisements. To exemplify, Flash on Calls & Messages – aka Free Calls & Messages is one such app, which shows a fake error message when the user launches it, telling the user that it is incompatible with his device. Then the user is directed to the Google Play Store entry for Google Maps, to mislead the user into believing that the Maps app is the reason for the crash, which is not at all true.

On Google Play Store, most of these camouflaged apps receive negative ratings and reviews which highlight the disappointments and the issues faced by users while using the app. More than 13 lakh phones were populated by these malicious apps, according to SophosLabs.

Quoting Andrew Brandt, principal researcher at SophosLabs, "To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text,"

"App developers have, for years, embedded ad-code into their apps as a way to help defray the costs of development, but some developers simply use their apps as a borderline-abusive platform solely to launch ads on mobile devices," he added.

How to get rid of adware apps? 

Referencing from the advise given by Andrew Brandt, "If you suspect that an app you recently installed is hiding its icon in the app tray, tap Settings (the gear menu) and then Apps & Notifications. The most recently opened apps appear in a list at the top of this page."

"If any of those apps use the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names (‘Back Up,’ ‘Update,’ ‘Time Zone Service’) tap the generic icon and then tap ‘Force Stop’ followed by ‘Uninstall.’ A real system app will have a button named ‘Disable’ instead of ‘Uninstall’ and you don’t need to bother disabling it."

"To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text,"

"If several reviews mention specific undesirable behavior, it's likely best to avoid that particular app," he says. 

Malicious Android Adware Infects Approximately 200 Apps on Play Store



 A monstrous adware campaign nicknamed "SimBad" was found to be in around 206 applications on Google Play Store, known to have been downloaded roughly 150 million times. Since most of them are simulation type games, thus the term 'SimBad' has been coined.

The designers of the applications may not be entitled totally to the blame as they also may have been baited by false promises. They may have not understood that they were utilizing a promotion related software development kit or SDK whose reason for existing is to install adware on devices.

Once an application infected by SimBad gets downloaded, the adware registers itself on the system with the goal that it can keep running on boot and from that point onwards, it can perform activities like opening a browser page to phish user information, open an application store including Google Play Store (to be specific) potentially malicious application, or even download and install an application in the background.

As per Security outfit Check Point, the applications perform different malicious behavior that the user's need to be wary of, including:
  1. Showing ads outside of the application, for when the user unlocks their phone or uses other apps.
  2. Constantly opening Google Play or 9Apps Store and redirecting to another particular application, so the developer can profit from additional installations.
  3. Hiding its icon from the launcher in order to prevent uninstallation.
  4. Opening a web browser with links provided by the app developer.
  5. Downloading APK files and asking the user to install it.
  6. Searching a word provided by the app in Google Play.

As a matter of fact, SimBad is less appalling than other malware that got away from Google's notice however it does as of now can possibly accomplish more harm as, according to Checkpoint, "SimBad' has abilities that can be divided into three groups namely - Show Ads, Phishing, and Exposure to other applications.

Keeping in mind the user privacy, Google has officially brought down the infected applications and will doubtlessly add the adware strain to Google Protect’s AI.

Users Warned Against Unofficial Sites Pushing Notepad2 Adware Bundles





The users' anticipating to download the exceptionally well known Notepad substitution called Notepad2, are cautioned once more to be careful of sites made to look official, however really disseminate Notepad2 as an adware bundle.

The search result was for a site called Notepad2.com, when done as such through Bing, their insight card expressed that the official site is flos-freeware.ch. Now, while the site appeared to be unique and marketier, users' would simply assume that the developer made a committed site for it. The only odd thing to be observed was that the logo they were utilizing was one that was very similar to the one for Notepad++.

It isn't until the point when the user attempts to download the executable and ESET blocked the document from being downloaded then they understand that something isn't right. When they scroll to the very bottom of the page did they'll see an explanation this was an “unofficial website dedicated to the opensource software” this is the moment that they will realize that the site was plainly made to distribute adware bundles with the end goal to generate a couple of bucks for the developer.

Whenever downloaded, the installer has the genuine name of Notepad2-x64_1746715231.exe. Whenever executed, however, it is rapidly evident this is an adware bundle. When clicked next, the user will be demonstrated different offers. On the Windows 10 machine, the user will be possibly offered Opera and on an Any.Run install it very well may be the game War Thunder.

At the point when done installing the offers, it will download a zipped copy of Notepad2 and spare it in the Downloads folder.

That regardless of whether they user conceives that they know how to spot tricks and scams, have a great understanding about computer security and malware, and attempt to be diligent, they can even now get in trouble on the web.

So it is advised for the users to be extremely watchful out there, and accomplish more research before downloading softwares except if they know it's originating from a respectable source, which is ideally the developer's webpage.


Zacinlo Malware; Yet another Threat for All Windows 10 Users


Researchers at Bitdefender have recently discovered a powerful malware that takes control over the PC and spams with advertisements. They have named it 'Zacinlo' after the last and final payload, looking at this as a transitory name for an intricate code. In any case, the Zacinlo malware has been around for almost six years extremely contaminating various Windows users.

The researchers at the Cyber Threat Intelligence Lab, following a year of research have published a rather detailed paper about this malware. Despite the fact that the malware has been around since 2012, it became the most active in late the 2017, state the researchers while clarifying about their work.

Zacinlo is said to be so powerful to the point that it has the capability of deactivating the most anti- malware directly accessible. Well known targets of Zacinlo incorporate Bitdefender, Kingsoft, Symantec, Microsoft, Avast, and various different programs.

Once installed, it altogether takes control over the user's framework for noxious exercises. These incorporate controlling the OS, forestalling against malware activities, at last accomplishing its fundamental objective – to display ads and generate income. This is accomplished by infusing contents in webpages.

 “The infection chain starts with a downloader that installs an alleged VPN application. Once executed, it downloads several other components, as well as a dropper or a downloader that will install the adware and rootkit components.”

Zacinlo effectively keeps running on most commonly utilized programs, including Chrome, Firefox, Internet Explorer, Edge, Safari, and Opera. As this adware starts working, it wipes out some other adware exhibit in the victim's PC to accomplish its main objectives. It at that point shows advertisements in order to produce income by getting the snaps.

The advancement of this malware makes its detection extremely hard. However, there is one route through which you can detect the presence of Zacinlo in the victim's PC. As stated by Bogdan Botezatu, the senior e-Threat Analyst at Bitdefender.

“Since the rootkit driver can tamper with both the operating system and the anti-malware solution, it is better to run a scan in this rescue mode rather than running it normally.”

Regardless of this all the windows users are thus instructed to stay wary while downloading any outsider applications or applications from untrusted sources to shield themselves from any malware attacks.