ESET security researchers have discovered 42 Android apps on the Google Play Store that contain adware, which shows ads to victims to earn money for its operator. These include applications that have been downloaded 8 million times since being launched in July 2018.
Notably, ESET discovered that the author of these dozens of adware-laden Android applications is a student living in Hanoi, Vietnam. The apps contain a new Android adware family that ESET has dubbed Ashas.
ESET's tracing of the author showed that this Vietnamese student's business plan for the apps had changed dramatically. In the first versions, not all applications contained the malicious code, so it is possible that the student at first intended to run a legitimate app business. Later, however, plans changed and the adware began to be injected through application updates.
Because the student originally published legitimate applications that did not contain malicious code, he had no interest in hiding his identity in them. So when the adware was later injected into these applications, the developer identity remained the same.
An application from this developer that contains the adware code.
The Vietnamese developer's Facebook account has posted the apps that contain adware.
From the email address he used to register domain names for the adware, ESET tracked down his personal accounts on GitHub, then YouTube and finally Facebook. If you want to know the details of how ESET traced the author of these adware applications, you can refer to ESET's research.
After a clean version has been published, the app receives an update with the Ashas adware hidden inside. This code works by displaying a full-screen ad overlaid on top of another application.
The developer also carefully disguises the origin of these ads. To avoid detection, ads appear only after more than 24 minutes of user interaction with the infected application, and they often mimic the logos of other applications, such as Facebook or Google, to hide where they come from.
The ads appear full screen and are disguised with logos of other apps.
ESET said: "We reported these apps to the Google security team and they were quickly removed. However, these apps still appear on third-party app stores."
Refer to ZDNet