[ad_1]
Android users are under attack again, but this latest threat has targeted the popular platform in a whole new way. The attack, which was first detected by the White Ops team, used the lure of a free trainers gift for users to download malware-laden apps.
Once installed, the apps quietly set out to install adware that clogged the phone and could then run ads in the background without the owner knowing.
This deceptive trick has the ability to generate huge sums of money for cybercriminals and since the ads do not appear on the screen, it is incredibly difficult to detect.
Once reported about the problem, Google instantly removed all the offending apps, but not before they had been installed thousands of times and infected more than 65,000 devices in June alone.
The attack, codenamed TERRACOTTA, has been around since last year and Android fans promised they would receive a new pair of sneakers 14 days after installing the app and completing their details.
READ MORE: Android users could DOUBLE their money with a little-known Play Store incentive
Of course, the shoes never arrive and all that people have left is an app that is making money for someone else courtesy of their phone.
As the White Ops team explains, “These apps didn’t really offer free shoes, and users were left empty-handed (and barefoot).
“Many ‘rogue’ applications like these on the Internet entice users to install them under false pretenses, do not provide any meaningful functionality, and proceed to bombard their users with intrusive and unwanted advertisements.”
The reason this latest attack was so unique was how it avoided detection.
Upon further analysis by the Satori team, it became obvious that these apps were a delivery platform for some other functionality, lying dormant even beyond the promised 14-day shoe delivery window. The actual free “product” smuggled out to users was a new payload of ad fraud malware.
The TERRACOTTA malware operation is particularly notable for its advanced knowledge of plausibly performing ad fraud, indicating a seasoned operation well versed in the nuances of ad technology and ad verification.
Google has confirmed that it has taken the threat seriously and has now removed all the offending apps from its Play Store.
In a statement, the US firm said: “Due to our collaboration with White Ops investigating the TERRACOTTA ad fraud operation, their critical findings helped us connect the case with a previously found set of mobile applications and identify additional bad applications. This allowed us to act quickly to protect users, advertisers and the wider ecosystem. When we determine policy violations, we take action. “
[ad_2]
