- Applications would hide on a device as soon as they were installed, to avoid removal
- They would serve unwanted, out-of-context ads to victims
- The applications were removed from the Play Store
A major advertising fraud campaign involving hundreds of Android applications has been discovered and dismantled, according to HUMAN Security researchers.
The IconAds campaign worked by showing ads out of context and without the user's consent. To make things worse, once the applications were installed on an Android device, they would hide their icons from the user, making them difficult to find and uninstall.
In total, the campaign comprised 352 Android applications, and at peak activity it generated 1.2 billion bid requests per day, the researchers said.
Smuggled
We do not know how many devices the applications were installed on, but we do know that they managed to slip past Google's defenses and into the Google Play Store, and that most of the traffic came from Brazil, Mexico and the United States.
This has now been remedied and the applications removed. However, it is safe to assume that new ones will emerge soon: “Many applications associated with IconAds have short shelf lives before being removed from the Play Store,” HUMAN researchers said.
“With the various evolutions of this threat, researchers expect continuous adaptation, with new published applications and new aggregate obfuscation techniques.”
The campaign has been active since at least 2019, when the first applications were uploaded to the application repository.
Google's mobile application store is usually considered safe. However, its defenses are not impenetrable, and occasionally malicious applications slip through, at least for a short time.
For that reason, users should never blindly trust applications, even when they come from such a reputable source. Instead, the download count and user reviews should always matter. Recently launched applications with fewer downloads are more likely to be malicious, and many cybercriminals fake user reviews, so it is important to read them carefully. Today, most fake reviews are generated by AI and sound superficial and bland, and the user accounts have generic names, often similar to each other.
Via The Hacker News