Bitdefender security researchers have identified a large -scale advertising fraud campaign that implemented hundreds of malicious applications in Google Play Store that evaded the security of Android registering millions of downloads.
The official Google Play store application store It is a preferred objective for cybercriminals. The Internet giant has been making a great effort to stop them and the Android integrated security system, Google Play Protect, received important updates in 2024 to improve real -time protection against malicious applications, scams and fraud, even for those installed outside the store. Last year, the protection suite scanned more than 200,000 million daily applications.
Google Play Store, a preferential goal for cybercrime
But campaigns to upload malicious applications evading existing protections continue to exist, as reflected in the latest Bitdefender report. The firm has discovered 331 malicious applications that, as a whole, They have been downloaded about 60 million times. At the end of this research 15 of these applications were still available.
Cybercriminals have found a form of avoid Android security measures and use different techniques to stay hidden on the devices once these applications have been downloaded. In addition, these applications can be started without the user’s interaction, something that, in theory, should not be technically possible from Android 13.
Once installed, these applications collect the credentials and credit card numbers Users use when using different online services. On the other hand, although these applications have concrete functionalities in most cases, they are also designed to show aggressive ads, full screen and out of context on other applications, and without any permission. This same behavior is used to show elements of the user interface that present attempts to phishing.
Technicallymalicious applications declare a contact content provider that the system automatically consults once the installation is completed and the application entry point loaded. In some of the most recent samples, they observed an evolution in the methods of criminals to evade detection techniques by adding that type of content provider referenced as a chain in resources.
This is probably one of the reasons why the report has revealed so many additional applications added to this fraudulent massive campaign. And it is that attackers usually find ways to adapt when their methods are discovered and the applications are eliminated from the store.
A ‘cat and mouse game’ that gets Attacks aimed at mobile devices are increasingly frequent and sophisticated. Bitdefender recommends cheaper caution when downloading mobile applications and using antimalware protection, additional to which Google includes, in all its devices.
