Cybersecurity researchers at Bitdefender have found a malicious ad fraud campaign that has successfully deployed over 300 applications in the Google Play Store. These malicious apps have collectively been downloaded over 60 million times, exposing users to invasive ads and phishing attempts.
Malicious Apps on the Google Play Store
The Google Play Store, a popular platform for Android applications, has become a target for cybercriminals. Despite Google’s efforts to maintain a safe environment by removing malicious apps, attackers continuously adapt new methods to slip them in one way or another.
According to Bitdefender’s report shared with Hackread.com ahead of publishing on Tuesday, its researchers along with IAS Threat Lab traced this campaign back to at least 331 malicious apps, 15 of which were still available on Google Play at the time of their investigation. These apps pose as harmless utilities, such as QR scanners, expense trackers, health apps, and wallpaper apps.
Many of these apps initially appeared harmless but were later updated to include malicious code. The fraud campaign, active since Q3 2024, shows no signs of slowing down, with new malicious apps still appearing on the store as recently as March 2025. The top 5 countries impacted by this campaign include:
- Brazil
- United States
- Mexico
- Turkiye
- South Africa
Hidden Icons, Pushing Ads and Phishing:
One of the methods involves hiding the app icon from the user’s launcher. This technique, restricted in newer Android versions, suggests that attackers have either found a flaw or are exploiting an API vulnerability. Some apps even change their names to mimic legitimate services like Google Voice, further complicating their removal.
These apps are designed to display full-screen ads without user consent, even when another app is in use. Worse, they can initiate phishing attacks, tricking users into exposing sensitive information such as login credentials and credit card details.
Researchers have also revealed technical methods used by these malicious apps to evade detection on infected devices. One such technique is Content Provider Abuse, where apps declare a contact content provider that’s automatically queried by the system after installation, enabling execution without user interaction.
Another tactic involves activity launching through methods like DisplayManager.createVirtualDisplay and other API calls, allowing the apps to start activities without requiring user permission. This technique is often used to display intrusive ads or launch phishing attempts.
To maintain persistence, these apps rely on services and dummy receivers, ensuring they remain active even on newer Android versions that block certain background activities.
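As an added illustration (not code from Bitdefender's report or from this article), the following Python triages a decoded AndroidManifest.xml for two of the behaviours described above: no statically visible launcher icon, and a declared contact content provider. It assumes the provider is marked with Android's `android.content.ContactDirectory` meta-data; the sample manifest and every name in it are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
LAUNCHER = "android.intent.category.LAUNCHER"
# Assumption: the "contact content provider" carries this contact-directory marker.
CONTACT_DIR = "android.content.ContactDirectory"

# Constructed manifest for illustration; not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscan">
  <application android:label="QR Scan">
    <activity android:name=".Main" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".Dir" android:authorities="com.example.qrscan.dir"
        android:exported="true">
      <meta-data android:name="android.content.ContactDirectory" android:value="true"/>
    </provider>
  </application>
</manifest>"""

def is_launcher(component):
    """True if the component has an intent filter in the LAUNCHER category."""
    return any(c.get(NS + "name") == LAUNCHER
               for c in component.iter("category"))

def triage(manifest_xml):
    """Return sorted (signal, component) pairs that deserve manual review."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    findings = set()
    entries = [c for c in app if c.tag in ("activity", "activity-alias") and is_launcher(c)]
    # Only a literal "false" counts as disabled; @bool/ references are left unresolved.
    if not any(c.get(NS + "enabled", "true") != "false" for c in entries):
        findings.add(("no-visible-launcher-icon", "application"))
    for p in app.findall("provider"):
        for m in p.findall("meta-data"):
            if (m.get(NS + "name") == CONTACT_DIR
                    and m.get(NS + "value") == "true"):
                findings.add(("contact-directory-provider", p.get(NS + "name", "?")))
    return sorted(findings)

if __name__ == "__main__":
    for signal, component in triage(SAMPLE):
        print(f"{signal}: {component}")
```

Both signals also occur in legitimate apps (launcher-less plugins, real contact directories), so treat a hit as a reason to inspect the app, not as a verdict.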
Protect Your Devices
Usually, it’s best to download apps only from official stores like Google Play and Apple’s App Store. However, in this case, it’s advised to avoid downloading unnecessary apps from both official and third-party stores.
Make sure to keep your device updated so security patches are installed automatically. Run regular malware scans and watch for suspicious activity, such as an app’s icon suddenly disappearing, its name changing, your device slowing down, or excessive battery drain. If you notice anything unusual, delete the app immediately.