Hundreds of Android apps band together in massive scam campaign targeting millions - here's what we know

Man looking at smartphone
Behöver du en VPN till din Android? (Image credit: Shutterstock)

  • Apps would hide on a device as soon as they're installed, to avoid removal
  • They would serve unwanted, out-of-context ads to victims
  • The apps were removed from the Play Store

A major ad fraud campaign comprising hundreds of Android applications has been discovered and dismantled, security researchers HUMAN have said.

The IconAds campaign worked by displaying ads without proper context, or user consent - and to make matters worse, once the apps were installed on an Android device, they would hide their icons from the users, making it more difficult to find and uninstall.

In total, the campaign counted 352 Android apps, and during peak activity, it had 1.2 billion bid requests a day, the researchers said.

Get 55% off Incogni's Data Removal service with code TECHRADAR

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.

Smuggling through

We don’t know on how many devices the apps were installed, but we do know that they managed to sneak past Google’s defenses and into the Google Play Store, and the majority of traffic came from Brazil, Mexico, and the United States.

This has now been remedied, and these apps removed. However, it’s safe to assume that new ones will emerge soon: "Many IconAds-associated apps have short shelf lives before being removed from the Play Store," HUMAN researchers said.

"With the several evolutions of this threat, researchers expect continued adaptation, with new apps published and new obfuscation techniques added."

The campaign has been active since at least 2019, when the first apps were uploaded to the app repository.

Google’s mobile app store is generally considered safe. However, its defenses are not impenetrable, and every now and then, malicious apps get through, at least for a short while.

For that reason, users should never blindly trust apps, even when coming from such a reputable source. Instead, they should always mind the download count and user reviews. Newly released apps with fewer downloads have a higher chance of being malicious, and many cybercriminals spoof user reviews, so it is important to carefully read them. Nowadays, most of them are generated by AI and sound superficial and bland, and user accounts have generic names, often similar to one another.

Via The Hacker News

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.