Bitdefender warns {that a} main advert fraud marketing campaign within the Google Play Retailer resulted in additional than 60 million downloads of malicious apps.
The attackers managed to put at the very least 331 malicious apps within the Play Retailer. Along with displaying full-screen advertisements, among the apps additionally directed customers to phishing websites designed to reap their credentials.
“Most functions first turned lively on Google Play in Q3 2024,” Bitdefender says. “After additional evaluation, we noticed that older ones that had been printed earlier have been initially benign and didn’t comprise malware parts. The malicious habits was added afterward, beginning with variations from the start of Q3.
To be clear, that is an lively marketing campaign. The most recent malware printed within the Google Play Retailer went stay within the first week of March, 2025. After we completed the investigation, per week later, 15 functions have been nonetheless out there for obtain on Google Play.”
The apps posed as common utility companies, similar to QR scanners, funds planners, well being apps, and lots of others.
“One technique to maintain a malicious app hidden from the consumer is to cover the icon – a habits that’s not allowed within the Android OS,” the researchers write. “We discover that attackers used a number of approaches to resolve this downside. The most well-liked and attention-grabbing one can be seemingly essentially the most environment friendly.
The app comes with the Launcher Exercise (e.g., that the consumer sees and clicks on) disabled by default. Afterwards, by abusing the startup mechanism supplied by the content material supplier, the samples use native code to allow the launcher, which is probably going carried out as an extra method to evade detection.”
KnowBe4 empowers your workforce to make smarter safety selections every single day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
Bitdefender has the story.
