- Apps would hide on a device as soon as they are installed, to avoid removal
- They would serve unwanted, outside of context ads to the victims
- Apps were removed from the Play Store
A large campaign for ad joking that includes hundreds of Android applications has been discovered and dismantled, security researchers have said.
The Iconads campaign worked by showing ads without proper context or using consent -and to make things worse when apps were installed on an Android device, they would hide their icons from users, making it more difficult to find and uninstall.
In total, the campaign counted 352 Android apps, and during top activity it had 1.2 billion buddies a day, the researchers said.
Smuggles through
We don’t know how many devices apps were installed, but we know they managed to sneak past Google’s defense and into the Google Play store, and most of the traffic came from Brazil, Mexico and the US.
This is now remedied and these apps are removed. However, it is safe to assume that new ones will soon emerge: “Many iconad-associated apps have short shelf life before being removed from the play shop,” human scientists said.
“With the various developments of this threat, researchers continue to expect customization where new apps were published and new connection techniques added.”
The campaign has been active since at least 2019 when the first apps were uploaded to the App Repository.
Google’s Mobile App Store is generally considered safe. However, its defense is not impervious, and every now and then, malicious apps come through, at least for a short while.
For that reason, users should never blindly rely on apps, even when they come from such a reputable source. Instead, they always have to remember the download count and user reviews. Recently released apps with fewer downloads have a greater chance of being malicious, and many cyber criminals counterfeit user reviews, so it is important to read them carefully. Today, most of them are generated by AI and sound superficial and bland, and user accounts have generic names, often similar.
Via Hacker the news
