For the past six months, more than 60,000 Android apps disguised as legitimate applications have quietly installed adware on mobile devices while remaining undetected.

According to cybersecurity firm Bitdefender, it has discovered 60,000 completely different samples (unique apps) carrying the adware to date and suspects there are many more in the wild, reports BleepingComputer.

Starting in October 2022, the campaign distributed fake security software, game cracks, cheats, VPN software, Netflix, and utility apps through third-party sites.

Users in the US are primarily targeted, followed by South Korea, Brazil, Germany, the UK, and France.

Moreover, the report showed that the malicious apps are not hosted on Google Play but on third-party websites that appear in Google Search and push APKs, the Android packages that allow users to manually install mobile apps.

When users visit the sites, they will either be redirected to advertisements or prompted to download the app they are looking for.

The download sites are specifically designed to distribute malicious Android apps as APKs, which, when installed, infect Android devices with adware, the report said.

Meanwhile, Google has removed 32 malicious extensions from the Chrome Web Store, totaling 75 million downloads, that could alter search results and push spam or unwanted ads.

The extensions included legitimate functionality to keep users unaware of the malicious behavior, which was delivered in obfuscated code.
