Bitdefender today publishes new research into a massive malware campaign targeting Android applications that has remained undetected for at least six months. So far, 60,000 malicious apps have been identified (and the number is growing). They use stealth and deception to trick users into installing them, then spread adware, banking Trojans and ransomware on Android devices to generate profit.
The campaign mainly affects users who install apps from sources other than Google Play and who are looking for “modified” versions of popular games and services such as YouTube, Netflix and TikTok, as well as fake security software, free VPNs, fake tutorials, utility apps such as weather or PDF viewers, and others. Modded applications are usually original applications that have been modified to unlock all their functionality or to change their original programming.
This discovery was made possible by a new technology recently introduced by Bitdefender called App Anomaly, which uses machine learning models to detect suspicious app behavior even after the app is installed on a device.
Main results:
- Cybercriminals need to convince users to download malicious apps, so they disguise these applications as popular apps or sought-after products that are not found on the official Google Play store.
- The moment the user tries to install the app, an error message appears that tricks the user into thinking the installation failed, when in reality the malicious app is hidden on the system. It is listed only under Settings > App info, always at the bottom of the list, without a name and with an empty icon.
- The error message technique, coupled with a deliberately introduced time delay before malicious activity, makes detection extremely difficult.
- For example, a typical infection path in this campaign starts when the user opens a website from a Google search for a “modded” application and is redirected to a random advertising page. Sometimes that page is a malware download page masquerading as a legitimate download of the modded app the user was looking for.
- The United States is the most targeted country at 55%, followed by South Korea at 9.8%. The campaign currently affects Europe only marginally: United Kingdom (2.71%), France (2.56%) and Italy (1.93%). Bitdefender nevertheless urges all users to stay alert, because the choice of targets could change quickly.
Attacks targeting mobile devices are becoming more frequent and sophisticated. Bitdefender urges consumers and businesses to be careful when downloading applications and suggests downloading only from trusted sources and using anti-malware protection on all devices.