More than 60,000 Android apps infected with malware

According to CSO Online , a report from Bitdefender notes that the associated threat actors can easily switch tactics to redirect users to other types of malware, such as banking Trojans to steal login credentials, financial information, or ransomware.

To date, Bitdefender has detected over 60,000 Android apps infected with adware, and suspects even more. This malware has been around since at least October 2022, targeting users in the US, South Korea, Brazil, Germany, the UK, and France.

Threat actors use third-party applications to distribute malware because it's not available in any official stores. To persuade users to download and install third-party apps, malware operators hide the threat in highly sought-after items that people can't find in official stores. In certain cases, these apps simply copy apps published in the Google Play Store. Some types of apps mimicked by malware include cracked games, games with unlocked features, free VPNs, fake tutorials, ad-free YouTube/TikTok, cracked utility programs, PDF viewers, and even fake security programs.

Malware-laden applications mimic normal Android apps, installing and prompting users to click "Open" after installation. However, the malware doesn't configure itself to run automatically as this may require additional privileges. Once installed, the malware displays a message saying "app unavailable" to trick users into thinking the malware doesn't exist, but in reality, it has no icon in the launcher and UTF-8 characters in the label, making detection and uninstallation more difficult.

Once launched, the application communicates with the attacker's server and retrieves advertising URLs that will be displayed in the mobile browser or as full-screen WebView ads.

Reportedly, this is just one of several recent incidents involving Android applications containing malware. Last month, an Android spyware called SpinOK was discovered by cybersecurity firm Doctor Web. This malware collects information about files stored on the device and can transfer them to malicious actors. It can also replace and upload clipboard contents to a remote server. Android applications containing SpinOK spyware have been installed more than 421 million times.