Security experts have issued a warning about a massive advertisement fraud campaign that allegedly served full-screen ads and carried out phishing attacks from hundreds of destructive apps released on the Google Play Store.
In a statement shared with The Hacker News, Bitdefender claimed that” the software try to persuade patients to give away qualifications and credit card information in hacking attacks.”
Details of the activity were first made public by Integral Ad Science ( IAS ) earlier this month, documenting the discovery of over 180 apps that were designed to install endless and intrusive full-screen interstitial video ads. The ad-fraud plan was given the name Vapor.
These apps masqueraded as genuine apps, which have since been removed by Google, and have since received more than 56 million downloads, generating over 200 million pay requests every day.
The IAS Threat Lab reported that the fraudsters behind the Vapor activity have set up several developer accounts, each hosting a small number of apps to spread their operation and fend off detection. This distributed installation makes sure that any individual account takedown would have a minimal impact on the overall procedure.
The procedure has been able to trick unaware users into installing them by imitating relatively safe utility, exercise, and lifestyle applications.
Another crucial element is that the danger actors have been discovered using a deceptive technique known as refactoring, which involves publishing to the Play Store a useful app without any harmful functionality that passes Google’s vetting process. In later app updates, the features are removed to display aggressive ads.
In addition, the ads completely circumvent the device’s screen and stop the victim from using it, rendering it largely useless. According to what it is, the campaign started in April 2024 before expanding to the beginning of this month. More than 140 fake software were added to the Play Store just in October and November.
The most recent findings from the Italian cybersecurity firm indicate that the plan is more extensive than originally believed, with as many as 331 apps that totaled more than 60 million downloads.
Some of the identified programs have also been spotted attempting to collect credit card data and customer credentials for online services in addition to concealing the app’s symbol from the rocket. Additionally, the malware has the capability to exfiltrate system data to a site that is under the control of an attacker.
, a type of app especially created for Android-based TV equipment, is another method for detecting evasion, and changing its own name and logo to deceive Google Voice.
According to Bitdefender,” Adversaries figured out a way to conceal the apps ‘ icons from the app, which is restricted on newer Android versions.” Even though this may not essentially be achievable in Android 13, the apps may start without user interaction.
According to some, the campaign was the product of a single threat actor or many cybercriminals using the same packing tool that was on sale on underwater forums.
The company continued,” The investigated software bypass Android security limitations to begin actions even if they are not running in the foreground and email the users with unrequited full-screen adverts.” The same conduct is employed when UI elements display phishing attempt.