Malware-infested Android apps discovered on Google Play

Published December 7, 2022
Author: Ash Khan

Over two million individuals have been tricked into installing a new batch of Android malware, phishing, and adware applications that have invaded the Google Play store.

Tube Box application

Dr. Web antivirus detected the mobile apps, which masquerade as beneficial tools and system optimizers but are the source of performance glitches, advertisements, and user experience deterioration.

TubeBox, as demonstrated by Dr. Web, has one million downloads and is still accessible on Google's app store at the time of writing.

TubeBox offers monetary incentives for watching videos and advertisements on the app but never delivers, displaying numerous errors when users attempt to redeem the gathered rewards.

Fake application scam

Many users claim that they downloaded the application because it offers monetary incentives for watching videos and advertisements on the app. However, it never delivers on its promises; instead, it displays numerous errors when users attempt to redeem the gathered rewards.

Even customers who complete the final withdrawal stage never receive their dollars, according to the researchers, because it’s all a ruse to keep them on the app as long as possible, watching adverts and earning income for the makers.

Malvertised applications

Adware applications that surfaced on Google Play in October 2022 but were later withdrawn include:

Bluetooth device auto-connect (bt auto-connect group) – 1,000,000 downloads

Bluetooth, Wi-Fi, and USB drivers (simple things for everyone) – Over 100,000 downloads

Volume, Music Equalizer (bt auto-connect group) – 50,000 downloads

Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 downloads

The aforementioned apps receive Firebase Cloud Messaging commands and load the webpages provided in these commands, resulting in fake ad impressions on compromised devices.

In the case of Fast Cleaner & Cooling Master, which had a modest download volume, remote operators may even configure an infected device to act as a proxy server. The threat actors might use this proxy server to route their traffic through the compromised device.

The cyber security website also discovered a collection of loan scam apps claiming to have direct relationships with Russian banks and investment groups, with an average of 10,000 downloads on Google Play.

These apps were advertised through malvertising in other apps, with the promise of assured investment gains. They redirect users to scam websites and steal their personal information.

What is malvertising?

Malvertising, also known as malicious advertising, refers to criminally controlled advertisements within Internet-connected programs, most commonly web browsers though there are exceptions, that intentionally harm people and businesses by delivering malware, potentially unwanted programs (PUPs), and various scams. Malvertising, in other words, exploits what seems to be genuine internet advertising to disseminate malware and other risks with next to no user engagement.

How does it work?

Malvertising can appear in any advertising on any website, including those you visit regularly. Malvertising often installs a small piece of malware that connects your computer to criminal command and control (C&C) servers. The server examines your computer for its location and installed software, then decides which malware to deliver based on its findings.

How to identify malvertising?

We can’t tell if an ad is real or not because hackers’ tactics are becoming more sophisticated. However, there are a few things we can do to reduce the likelihood of falling for a malvertising scam.

Don’t click on ads that seem too good to be true, such as miracle cures. If anything seems too good to be true, it probably is.

Ads should appear to have been developed by a skilled graphic designer. If they don’t, don’t click on them.

Don’t click on advertisements with spelling errors, and don’t click on ads that don’t match your recent or typical search history.

Protect yourself!

To protect yourself against malvertised applications on Google Play, always look for bad reviews, read the privacy policies, and visit the developer’s website.

In general, try to keep the number of applications installed on your smartphone to a minimum, and regularly check that Google’s Play Protect function is enabled.