New Android malware hides behind apps that gives out free perks

Security researchers recently discovered a new Android malware that hides behind mobile apps promising to give out free products.

A new type of Android malware is out to lose on the Android platform. Security researchers report that this malware hides behind the façade of some Android apps. Reports claim that the malware is part of a global botnet that deploys fraudulent ads.

New malware strain

The new malware strain is called Terracotta. It was first discovered by security researchers from White Ops, a firm specializing in botnet detection. According to the firm, they have been tracking the malware since 2019, during which it first appeared.

According to the researchers, the malware hides behind apps that are uploaded into the Google Play Store. To attract users, they are disguised as apps that offer free shoes or other perks. Aside from shoes, some apps promise to give out coupons and even medical services.

Once the unsuspecting user installs the app, it will deploy its actual payload. Its payload involves downloading and running a modified version of WebView. The application will then run completely hidden from the user.

Once operational, WebView will launch ad frauds and collect its revenue through fake views. The entire operation is not at all complicated. Security researchers have noted that it is just a basic ad fraud scheme.

However, security researchers have pointed out that the Android malware uses clever techniques to stay completely undetected. It will then operate under the radar and target ad networks, as it siphons revenue out.

In June alone, the malware was able to generate more than two billion fake ad requests. The operation of the malware is so massive that it involves more than 65,000 infected devices.

Response from Google

Following reports of the new Android malware’s operation, Google promptly responded by removing an undisclosed number of suspected apps. However, there are concerns that not all infected apps have been removed from the Play Store.

Considering how the new malware works, it does not directly affect smartphone users. Instead, it targets and defrauds ad networks.

However, there are several negative effects every time the malware runs in the background. For one, its operation will wear the battery faster. Infected apps will also consume data, which might affect internet speed and browsing experience.

Although this new Android malware has been detected, White Ops did not release the complete list of infected apps. Nevertheless, Google is already working on banning suspected infected apps on its platform.

Featured image courtesy jivacore/Shutterstock

Micky is a news site and does not provide trading, investing, or other financial advice. By using this website, you affirm that you have read and agree to abide by our Terms and Conditions.
Micky readers - you can get a 10% discount on trading fees on FTX and Binance when you sign up using the links above.