Cybersecurity specialists at Bitdefender say they have discovered a global cyber threat campaign targeting mobile devices. These threats mainly target users who install apps from sources other than the official Google Play Store: those looking for “modified” apps for popular games and services such as YouTube, Netflix, TikTok, free VPNs, security software, and others.

To date, Bitdefender's technology has identified more than 60,000 unique programs that use new techniques to remain undetected and trick users into installing them. By region, the campaign also targets Romania, with a share of 2.4%.

The purpose of the campaign is to aggressively promote ads on Android devices to generate revenue. However, attackers can easily change tactics to redirect users to other types of cyber threats, such as ransomware or mobile banking Trojans that steal registration and financial information.

Such “modded” programs are very popular, and there are sites completely dedicated to offering this type of package.

According to Bitdefender experts, this campaign remained undetected for more than six months due to the lack of behavioral detection technologies for Android devices.

After the malicious program is downloaded and installed, an error message is displayed to make the user think that the installation failed. In fact, the app is hidden in the system and only appears in Settings > About app, always at the bottom of the list, with no name and an empty icon, making it difficult for the user to discover.

To make detection much more difficult, attackers are bypassing Google’s attempts (API 30) to remove the ability to hide an app icon on Android.
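The hiding traits described above (no name, an empty icon, no visible launcher icon) can be turned into a triage check for sideloaded APKs. This is an added example, not code from Bitdefender or the original article; it assumes the APK summary was produced with `aapt dump badging`, and the sample outputs, package names and two-indicator threshold are constructed for illustration.

```python
import re

# Constructed `aapt dump badging` outputs (illustrative, not from the report).
NORMAL = """\
package: name='com.example.player' versionCode='12' versionName='1.2'
targetSdkVersion:'33'
application-label:'Example Player'
application: label='Example Player' icon='res/mipmap-mdpi/ic_launcher.png'
launchable-activity: name='com.example.player.MainActivity'  label='Example Player' icon=''
"""
HIDDEN = """\
package: name='com.example.modded' versionCode='1' versionName='1.0'
targetSdkVersion:'30'
application-label:''
application: label='' icon=''
"""

def field(line, key):
    """Return the value of key='...' on a badging line, or '' if absent."""
    m = re.search(rf"\b{key}='([^']*)'", line)
    return m.group(1).strip() if m else ""

def parse_badging(text):
    """Extract package name, app label, app icon and launcher activities."""
    info = {"package": "", "label": "", "icon": "", "launchable": []}
    for line in text.splitlines():
        if line.startswith("package:"):
            info["package"] = field(line, "name")
        elif line.startswith("application:"):
            info["label"] = field(line, "label")
            info["icon"] = field(line, "icon")
        elif line.startswith("launchable-activity:"):
            info["launchable"].append(field(line, "name"))
    return info

def hiding_indicators(info):
    """List which of the article's hiding traits this APK exhibits."""
    checks = [
        ("empty application label", not info["label"]),
        ("no application icon", not info["icon"]),
        ("no launcher activity", not info["launchable"]),
    ]
    return [name for name, hit in checks if hit]

def is_suspicious(text, threshold=2):
    # One indicator alone is common in legitimate services and plugins,
    # so require at least `threshold` of them before flagging for review.
    return len(hiding_indicators(parse_badging(text))) >= threshold
```

A hit is a reason to review the APK, not a verdict: some legitimate packages ship without a launcher activity.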

Displaying full-screen ads is another key functionality for this type of adware. When the user unlocks the phone, the app receives the ad URL from the server and uses the mobile browser to download the ad.

This malware campaign is now automatically detected by Bitdefender Mobile Security during installation as Android.Riskware.HiddenAds.LL.

Attacks on mobile devices are becoming more frequent and sophisticated. Bitdefender experts urge users to be careful when downloading mobile applications. It is recommended that you only download from trusted sources and use an anti-threat solution on all devices.