Watch out - this Android malware has been installed millions of times already

Jemand bedient ein Smartphone
(Image credit: (stock.adobe.com © sitthiphong))

Half a dozen Android apps, pretending to be utility services, have been scamming users and earning the developers advertising revenue, cybersecurity researchers have claimed.

The apps have managed to fool quite a number of people, having apparently been downloaded more than two million times.

Google has since removed all of them from the Play Store, but users are still being warned to be on their guard.

Malicious Android apps

The Dr. Web antivirus team discovered a total of five apps whose only goal is to trick people into downloading them and then serve them ads for as long as possible. The biggest one, with more than a million downloads, is TubeBox.

TubeBox promises users a cut of the advertising revenue if they sit and watch ads in the app. However, the whole thing is a trick, as when the user tries to redeem the rewards, they’ll conveniently run into different bugs and errors. Even those who somehow manage to work around all of the bugs will simply not get any funds.

Other discovered apps are “Bluetooth device auto connect”, with a million downloads, “Bluetooth & Wi-Fi & USB driver”, with 100,000 downloads, “Volume, Music Equalizer” with 50,000 downloads, and “Fast Cleaner & Cooling Master”, with some 500 downloads.

The apps don’t serve just any ads - a Firebase Cloud Messaging account serves as a C2 server and instructs the apps which websites to load.

Some apps, such as the “Fast Cleaner & Cooling Master”, could also be used as a proxy server, the researchers found. With a proxy, the threat actors could channel their traffic through the infected endpoint.

Just because an app sits on the Google Play Store, does not make it secure by default. Although Google’s defense mechanisms are formidable, threat actors are always looking for new ways to squeeze fraudulent apps into the popular app repository, and succeed every now and then. To protect against such apps, always make sure to read through the reviews, as other users could be warning about the fraud, as well.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
mobile phone
Popular Android financial help app is actually dangerous malware
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Over 2 million risky Android apps were blocked from the Play Store last year
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)