- Twenty-one apps featuring adware have been downloaded over 8 million times on Google Play Store.
- The discovered adware family has been dubbed Ashas by ESET researchers.
- Investigations have revealed the identity of the malicious app developer.
A hacker has published dozens of apps bundled with adware on Google Play Store that have been downloaded over 8 million times. This is according to a recent research report published by ESET.
The security firm has so far identified 42 apps that have been running undetected for over a year now. Twenty-one had been previously reported and removed by Google, but are still available via third-party app download sites.
The family of malicious applications, dubbed Ashas by the ESET security team, sends sensitive device data to the hacker’s configuration server after installation. Details sent include the device type, operating system, and available storage. With this data, the server determines the most suitable configuration settings to send. Once the apps are installed, the chances of detection drop significantly.
Techniques used to avoid detection include pausing adware activity until Google Play Store security tests are over. Ads are also displayed at intervals of over 20 minutes, making them harder to catch.
Google Play Store has in the past come under fire for publishing malicious apps. The rogue applications typically maintain their functionality and mimic legitimate software, such as Facebook and Google, when users try to ascertain the source of the ads.
The apps are also incredibly hard to get rid of, and attempts to uninstall them normally lead to the icon getting removed while the actual processes run in the background. They also conceal harmful executable code under whitelisted Google processes to avoid scrutiny.
By looking at details used to register the configuration server, the ESET security team has been able to uncover the identity of the person behind the Ashas adware campaign. The email address used to register the server domain apparently belongs to a Vietnamese university student. Investigators have also been able to find the hacker’s Facebook account, which features app creation tutorials.
Some of the developer’s apps were previously published on the Apple App Store before being removed for some unclear violation. None contain any adware functionality. Applications that download an adware payload are becoming more common.
Some apps have been found to have both tainted and non-tainted versions. The clean ones usually rank high on Google Play Store and do not get removed. The malicious versions, however, stand a chance of being downloaded by mistake, making the individuals behind them more cash in the short term.
Adware is generally less intrusive and dangerous than malware. This type of software is generally used for advertising purposes. It places a load on a device’s operational resources and can be used to gather personal information. Adware can also display misleading advertisements.
Google has a team of researchers, dubbed Project Zero, that is tasked with finding malicious apps on its platforms. The unit is also responsible for developing and releasing vulnerability patches.
Experts have cautioned that the sheer size of the Google Play Store platform may lead to more types of malicious software getting through. Security researchers have called for more rigorous screening tests to prevent the spread of harmful software.