ESET hunts down the developer and operator of Android adware affecting 8 million users

With over 2.8 million available apps in Google’s Play Store, malicious actors can occasionally slip through Google’s stringent verification system.

ESET researchers have detected 42 Android apps in the Google Play store using several tricks to stay hidden. ESET says 21 of them were active at the time of the discovery.

This money-making adware campaign has been reportedly running for about a year now, with the involved Android apps installed eight million times from Google Play alone.

These apps have been identified as belonging to the Android/AdDisplay.Ashas family. They can steal key data about the affected device, Lukas Stefanko, a malware researcher working with ESET, wrote in a blog post today.

Apps of the Android/AdDisplay.Ashas family reported to Google by ESET. Image from ESET.

The malicious apps were removed by the Google security team after being reported. However, certain third-party app stores still house these apps.

The tricks that the attacker uses for stealth, resilience and displaying ads include mimicking Google and Facebook apps to avoid suspicion, and deleting their shortcut icon for longer resilience and making them more difficult to remove.

ESET researchers also found that the developer had appended many of the package names with “com.google”, which can sometimes bypass simple name-checking algorithms and certain sandboxes.

Is adware harmful? The answer is yes

The users of apps containing adware usually do not understand the real nature of these malicious apps. This is the reason why it is important not to trust these apps or their developers. They look absolutely normal but act maliciously by:

  • Gathering personal information and device information of the user
  • Scamming users with intrusive ads
  • Wasting the battery resources of the users’ devices
  • Generating increased network traffic

About the attacker

ESET tracked down the operator of this campaign and developer of the adware using open-source information. A student at an Vietnamese university, he has also been identified as the owner of the C&C server. In addition, he also has some apps in Apple’s app store. Some of them are iOS versions of the apps that have been removed from Google Play, however none contain adware functionality, wrote Stefanko.

ESET researchers also discovered that the attacker’s Youtube channel propagates the Ashas adware and his other projects. As for the Ashas family, one of the associated promotional videos, “Head Soccer World Champion 2018 – Android, iOS” was viewed almost three million times and two others reached hundreds of thousands of views, the blog reported.

The researchers were also able to extract the malicious developer’s Facebook profile. Linked on his profile, researchers found a Facebook page – Minigameshouse, and an associated domain – minigameshouse[.]net. Through this, he promotes a large number of games beyond the Ashas family for download on both Google Play and the App store. Some of them did not contain any adware functionality, however Google has still removed all of them from Google Play.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Pragya Sehgal
Pragya Sehgal
Born and raised in the capital city of India - Delhi - bounded by the river Yamuna on the west, Pragya has climbed the Himalayas, and survived medical professional stream in high school without becoming a patient or a doctor. Pragya now makes her home in Canada with her husband - a digital/online marketing fanatic who also loves to prepare delicious meals for her. When she isn’t working or writing around tech, she’s probably watching art films on Netflix, or wondering whether she should cut her hair short or not. Can be contacted at psehgal@itwc.ca or 647.695.3494.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now