- Bitdefender found more than 300 Android apps used to display unwanted ads
- Almost all apps have so far been removed from the Play Store
- Some of the apps even tried to steal sensitive data
Hundreds of Android applications, installed millions of times from the Google Play Store, were part of a large-scale ad fraud campaign that displayed unwanted ads and tried to steal sensitive data from the victims, experts have warned.
Cybersecurity researchers from Bitdefender, who also credited IAS Threat Lab, said they discovered at least 331 apps that were available via the Google Play Store which, cumulatively, amassed more than 60 million downloads, mostly on older Android variants (Android 13 and older).
The apps were mimicking simple utility apps such as QR scanners, expense tracking apps, health apps, wallpaper apps, and others.
Protecting your Android phone
Most applications first became active on Google Play in Q3 2024, and by the time Bitdefender’s research completed, only 15 remained active. The vast majority of victims are located in Brazil, followed by the US, Mexico, Turkey, and South Korea.
When the victims downloaded one of the apps, they first hide their icons from the launcher (something that’s only possible on older versions of Android). The apps retained “some functionality”, but they are able to show out-of-context ads over other applications in the foreground. Some try to gather user credentials, credit card data, and other information.
Some apps can even start without user interaction, something that shouldn’t be possible even on Android 13.
While eventually all of the apps will be removed from the Play Store, people who have them installed on their devices remain at risk. If your Android smartphone is acting strange (lagging, displaying ads over different ads, overheating, spending data while idle), make sure to remove any unwanted apps, or those that you aren’t actively using.
Furthermore, if possible, make sure to use the latest version of Android. At the moment, that is Android 15, with the next iteration scheduled for later in 2025.
Leave a comment