Security researchers recently discovered a new Android malware that hides behind mobile apps promising to give out free products.
A new type of Android malware is out to lose on the Android platform. Security researchers report that this malware hides behind the façade of some Android apps. Reports claim that the malware is part of a global botnet that deploys fraudulent ads.
New malware strain
The new malware strain is called Terracotta. It was first discovered by security researchers from White Ops, a firm specializing in botnet detection. According to the firm, they have been tracking the malware since 2019, during which it first appeared.
According to the researchers, the malware hides behind apps that are uploaded into the Google Play Store. To attract users, they are disguised as apps that offer free shoes or other perks. Aside from shoes, some apps promise to give out coupons and even medical services.
— Virus Bulletin (@virusbtn) August 28, 2020
Once the unsuspecting user installs the app, it will deploy its actual payload. Its payload involves downloading and running a modified version of WebView. The application will then run completely hidden from the user.
Once operational, WebView will launch ad frauds and collect its revenue through fake views. The entire operation is not at all complicated. Security researchers have noted that it is just a basic ad fraud scheme.
However, security researchers have pointed out that the Android malware uses clever techniques to stay completely undetected. It will then operate under the radar and target ad networks, as it siphons revenue out.
In June alone, the malware was able to generate more than two billion fake ad requests. The operation of the malware is so massive that it involves more than 65,000 infected devices.
Response from Google
Following reports of the new Android malware’s operation, Google promptly responded by removing an undisclosed number of suspected apps. However, there are concerns that not all infected apps have been removed from the Play Store.
Considering how the new malware works, it does not directly affect smartphone users. Instead, it targets and defrauds ad networks.
However, there are several negative effects every time the malware runs in the background. For one, its operation will wear the battery faster. Infected apps will also consume data, which might affect internet speed and browsing experience.
Although this new Android malware has been detected, White Ops did not release the complete list of infected apps. Nevertheless, Google is already working on banning suspected infected apps on its platform.
Featured image courtesy jivacore/Shutterstock