Android Apps Identify Google IPs to Delay Malicious Behavior

silversurfer

Dozens of Android apps designed to flood phone screens with ads hide their malicious behavior when a Google IP is detected. Collectively, they were installed 8 million times.
The developer of the 42 apps that made it into the official Android store added some tricks that made it more difficult to identify the source of the adware on devices.
Using publicly available information, security researchers were able to determine his identity, including his education level and college grades, social media profiles, and activity as a mobile app developer.
 

upnorth

Seeing that the developer did not take any measures to protect his identity, it seems likely that his intentions weren’t dishonest at first – and this is also supported by the fact that not all his published apps contained unwanted ads.

At some point in his Google Play “career”, he apparently decided to increase his ad revenue by implementing adware functionality in his apps’ code. The various stealth and resilience techniques implemented in the adware show us that the culprit was aware of the malicious nature of the added functionality and attempted to keep it hidden.

Sneaking unwanted or harmful functionality into popular, benign apps is a common practice among “bad” developers, and we are committed to tracking down such apps. We report them to Google and take other steps to disrupt malicious campaigns we discover. Last but not least, we publish our findings to help Android users protect themselves.

Kudos to ESET's security researchers and big thanks for a great share @silversurfer
 

LASER_oneXM

First of all, if you have any of the below-listed apps installed on your Android device, you are advised to uninstall it immediately.

Cybersecurity researchers have identified 42 apps on the Google Play Store with a total of more than 8 million downloads, which were initially distributed as legitimate applications but later updated to maliciously display full-screen advertisements to their users.

Discovered by ESET security researcher Lukas Stefanko, these adware Android applications were developed by a Vietnamese university student, who easily got tracked likely because he never bothered to hide his identity.

The publicly available registration details of a domain associated with the adware apps helped find the identity of the rogue developer, including his real name, address, and phone number, which eventually led the researcher to his personal accounts on Facebook, GitHub, and YouTube.
 
ForgottenSeer 823865

In Vietnam most people don't care much about ads, they just wait or close them; so for the dev, what he did is not so "malicious".
 
ForgottenSeer 823865

Too bad they didn't release the rogue dev's info. Awfully kind of them.
What are you talking about? The dude isn't a criminal, he made apps displaying annoying ads, it is not a crime.
And after all, he forced no one to install his apps.
Millions of installs, and no one complained to Google until ESET.
Most people don't even care about this except forum geeks.
ESET just showed off and went after a poor guy who just needed more money.
Why don't they do the same with ransomware writers? Ah yes, because they are real criminals with real guns, not some inoffensive clever students.
 

DDE_Server

What are you talking about? The dude isn't a criminal, he made apps displaying annoying ads, it is not a crime.
And after all, he forced no one to install his apps.
Millions of installs, and no one complained to Google until ESET.
Most people don't even care about this except forum geeks.
ESET just showed off and went after a poor guy who just needed more money.
Why don't they do the same with ransomware writers? Ah yes, because they are real criminals with real guns, not some inoffensive clever students.
and they that make AV Vendors sell their solution
 