Watch out – this Android malware has been installed millions of times already

Cybersecurity researchers have claimed that half a dozen Android apps, which pretend to be utility services, deceive users and earn advertising revenue for developers.

The apps have managed to fool a large number of people, as they seem to have been downloaded more than 2 million times.

Google has since removed them all from the Play Store, but users are still warned to be careful.

Malicious Android apps

Dr. Web Antivirus discovered a total of five applications whose sole purpose is to trick people into downloading them and then show them ads for as long as possible. The biggest one, with over 1 million downloads, is TubeBox.

TubeBox promises users a cut of ad revenue if they sit and watch ads in the app. However, the whole thing is a scam, because when the user tries to redeem the rewards, they will conveniently encounter various errors and bugs. Even those who somehow manage to beat all the bugs simply won’t get any money.

Other apps detected are “Auto Connect Bluetooth Device”, with 1 million downloads, “Bluetooth & Wi-Fi & USB driver”, with 100,000 downloads, “Volume, Music Equalizer” with 50,000 downloads, and “Fast Cleaner & Cooling Master”, with about 500 downloads.

The apps don’t just display any ads: their Firebase Cloud Messaging account acts as a C2 server, directing the apps to the websites they should load.

The researchers found that some applications, such as “Fast Cleaner & Cooling Master”, can also be used as a proxy server. Using a proxy, threat actors can route their traffic through the infected endpoint.

Just because an app is on the Google Play Store doesn’t mean it is safe by default. Although Google’s defense mechanisms are formidable, threat actors are always looking for new ways to squeeze fraudulent apps into the popular app repository, and succeed every now and then. To guard against such apps, always make sure you read reviews, as other users may warn of scams as well.

Via: BleepingComputer
