Man
Professional
- Messages
- 3,085
- Reaction score
- 623
- Points
- 113
The apps pose as useful utilities and system optimizers for Android, but instead lead to device performance failures and ad fraud. More than two million users have fallen for the scammers' hook. The malicious apps were discovered by specialists from the Dr Web center.
One of the apps, TubeBox, with a total of 1 million installs, was available until last week. It promised users payouts for watching ads, but the newly minted “businessmen” never saw their money.
According to the researchers, even those users who managed to start the process of withdrawing funds from their balance in the application will never receive their earnings. TubeBox is a pure scam that keeps users by promising good payouts, and the advertiser gets non-targeted views. As a result, the developers of the application themselves earn money.
Other malicious applications that were detected and removed included:
Apps receive commands via Firebase Cloud Messaging (a cross-platform service for handling message dispatch, routing, and queuing between a server and a mobile client app) and load the website pages specified in those commands, resulting in fake ad impressions on compromised devices.
Remote administrators can also use an infected user device as a proxy server. This applies to the last app on the list, which has the fewest installations. Attackers use such a server to redirect their traffic through the infected device. At the moment, all detected malicious apps have been removed from the Google Play Store.
One of the apps, TubeBox, with a total of 1 million installs, was available until last week. It promised users payouts for watching ads, but the newly minted “businessmen” never saw their money.
According to the researchers, even those users who managed to start the process of withdrawing funds from their balance in the application will never receive their earnings. TubeBox is a pure scam that keeps users by promising good payouts, and the advertiser gets non-targeted views. As a result, the developers of the application themselves earn money.
Other malicious applications that were detected and removed included:
- Bluetooth device auto connect (bt autoconnect group) – 1 million installations
- Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100 thousand installations
- Volume, Music Equalizer (bt autoconnect group) – 50 thousand installations
- Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 installs
Apps receive commands via Firebase Cloud Messaging (a cross-platform service for handling message dispatch, routing, and queuing between a server and a mobile client app) and load the website pages specified in those commands, resulting in fake ad impressions on compromised devices.
Remote administrators can also use an infected user device as a proxy server. This applies to the last app on the list, which has the fewest installations. Attackers use such a server to redirect their traffic through the infected device. At the moment, all detected malicious apps have been removed from the Google Play Store.
